CVE-2022-24508 — Vulnetix

CVE-2022-24508 PUBLISHED CVSS 8.800000190734863 HIGH

Win32 File Enumeration Remote Code Execution Vulnerability

EPSS 5.18% · 90.1th percentile

Risk Scores

CVSS v3.1

8.800000190734863

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

EPSS Score

5.18%

90.1th percentile

Affected Products

Vendor	Product	Versions
microsoft	windows_server_20H2	10.0.0
microsoft	windows_11_21H2	10.0.0
microsoft	windows_10_21H1	10.0.0
Microsoft	Windows Server version 20H2	10.0.0
Microsoft	Windows Server 2022	10.0.20348.0
microsoft	windows_10	21h1, ,
microsoft	windows_server	20h2
microsoft	windows_10_20H2	10.0.0
Microsoft	Windows 10 Version 21H2	10.0.19043.0
microsoft	windows_10_21H2	10.0.19043.0
microsoft	windows_11
Microsoft	Windows 11 version 21H2	10.0.0
Microsoft	Windows 10 Version 20H2	10.0.0
microsoft	windows_server_2022	10.0.20348.0
Microsoft	Windows 10 Version 21H1	10.0.0

Timeline

Mar 8, 2022 CVE Published
Mar 9, 2022 PoC Published
Mar 10, 2022 EPSS Score
Apr 30, 2022 EPSS Score
Jun 21, 2022 EPSS Score
Oct 2, 2022 EPSS Score
Nov 23, 2022 EPSS Score
Mar 5, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Jun 16, 2023 EPSS Score
Aug 6, 2023 EPSS Score
Nov 17, 2023 EPSS Score

References

https://msrc.microsoft.com/update-guide/ advisory
Win32 File Enumeration Remote Code Execution Vulnerability vendor-advisory
https://nvd.nist.gov/vuln/detail/CVE-2022-24508 advisory
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24508 url

Open in Interactive Console →

$ Console Community · 100/wk Open console ›