Vulnerability Details : CVE-2022-41082
Public exploit exists!
Used for ransomware!
Microsoft Exchange Server Remote Code Execution Vulnerability
Vulnerability category: Execute code
Products affected by CVE-2022-41082
- cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_23:*:*:*:*:*:*
- cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_22:*:*:*:*:*:*
- cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_11:*:*:*:*:*:*
- cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_12:*:*:*:*:*:*
- cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_23:*:*:*:*:*:*
CVE-2022-41082 is in the CISA Known Exploited Vulnerabilities Catalog
This issue is known to have been leveraged as part of a ransomware campaign.
CISA vulnerability name: Microsoft Exchange Server Remote Code Execution Vulnerability
CISA required action: Apply updates per vendor instructions.
CISA description: Microsoft Exchange Server contains an unspecified vulnerability that allows for authenticated remote code execution. Dubbed "ProxyNotShell," this vulnerability is chainable with CVE-2022-41040, which allows for remote code execution.
Notes:
- https://msrc-blog.microsoft.com/2022/09/29/customer-guidance-for-reported-zero-day-vulnerabilities-in-microsoft-exchange-server/
- https://nvd.nist.gov/vuln/detail/CVE-2022-41082
Added on: 2022-09-30
Action due date: 2022-10-21
Exploit prediction scoring system (EPSS) score for CVE-2022-41082
EPSS score: 92.45% (probability of exploitation activity in the next 30 days)
EPSS percentile: ~100% (the proportion of vulnerabilities that are scored at or less)
Metasploit modules for CVE-2022-41082
- Microsoft Exchange ProxyNotShell RCE
  Disclosure Date: 2022-09-28
  First seen: 2022-12-23
  Module: exploit/windows/http/exchange_proxynotshell_rce
  This module chains two vulnerabilities on Microsoft Exchange Server that, when combined, allow an authenticated attacker to interact with the Exchange PowerShell backend (CVE-2022-41040), where a deserialization flaw (CVE-2022-41082) can be leveraged to obtain code execution.
CVSS scores for CVE-2022-41082
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen
---|---|---|---|---|---|---
8.0 | HIGH | CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.1 | 5.9 | Microsoft Corporation | 
8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 | Microsoft Corporation | 
CWE ids for CVE-2022-41082
- CWE-502: Deserialization of Untrusted Data. The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.
  Assigned by:
  - 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)
  - nvd@nist.gov (Primary)
References for CVE-2022-41082
- https://www.vicarius.io/vsociety/posts/cve-2022-41082-microsoft-exchange-server-remote-code-execution-vulnerability-detection-script
  CVE-2022-41082 - Microsoft Exchange Server Remote Code Execution Vulnerability - Detection Script - vsociety [Third Party Advisory]
- http://packetstormsecurity.com/files/170066/Microsoft-Exchange-ProxyNotShell-Remote-Code-Execution.html
  Microsoft Exchange ProxyNotShell Remote Code Execution ≈ Packet Storm [Exploit; Third Party Advisory; VDB Entry]
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41082
  CVE-2022-41082 - Security Update Guide - Microsoft - Microsoft Exchange Server Remote Code Execution Vulnerability [Vendor Advisory]
- https://www.secpod.com/blog/microsoft-november-2022-patch-tuesday-patches-65-vulnerabilities-including-6-zero-days/
  Microsoft November 2022 Patch Tuesday fixes 65 vulnerabilities! [Third Party Advisory]
- https://www.vicarius.io/vsociety/posts/cve-2022-41082-microsoft-exchange-server-remote-code-execution-vulnerability-mitigation-script
  CVE-2022-41082 - Microsoft Exchange Server Remote Code Execution Vulnerability - Mitigation Script - vsociety [Third Party Advisory]
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41082
  CVE-2022-41082 - Security Update Guide - Microsoft - Microsoft Exchange Server Remote Code Execution Vulnerability [Patch; Vendor Advisory]
- https://www.kb.cert.org/vuls/id/915563
  VU#915563 - Microsoft Exchange vulnerable to server-side request forgery and remote code execution. [Third Party Advisory; US Government Resource]