VDB
CVE-2022-41080
CVE-2022-41080
PUBLISHED
KEV
Es existieren mehrere Schwachstellen in verschiedenen Versionen des Microsoft Exchange Servers, die noch nicht im Detail beschrieben sind. Ein entfernter authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern und Informationen falsch darzustellen.
EPSS 93.80% · 99.9th percentile
Risk Scores
EPSS Score
93.80%
99.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Microsoft Exchange Server 2019 Cumulative Update 11 | |
| Microsoft | Microsoft Exchange Server 2016 Cumulative Update 22 | |
| Microsoft | Microsoft Exchange Server 2016 Cumulative Update 23 | |
| Microsoft | Microsoft Exchange Server 2019 Cumulative Update 12 | |
| Microsoft | Microsoft Exchange Server 2013 Cumulative Update 23 |
Exploit Intelligence
- ohnonoyesyes/CVE-2022-41080 (github-poc)
- ohnonoyesyes/CVE-2022-41080 (github-poc)
- ohnonoyesyes/CVE-2022-41080 (github-poc)
- ohnonoyesyes/CVE-2022-41080 (github-poc)
- ohnonoyesyes/CVE-2022-41080 (github-poc)
- ohnonoyesyes/CVE-2022-41080 (github-poc)
- ohnonoyesyes/CVE-2022-41080 (github-poc)
- https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1 (msrc)
- CIRCL seen: CVE-2022-41080 (circl-sighting)
- CIRCL seen: CVE-2022-41080 (circl-sighting)
…and 39 more exploits
Timeline
- Sep 30, 2022 PoC Published
- Nov 8, 2022 CVE Published
- Nov 10, 2022 EPSS Score
- Dec 23, 2022 EPSS Score
- Dec 23, 2022 PoC Published
- Dec 23, 2022 PoC Published
- Jan 10, 2023 CISA KEV Added
- Jan 11, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Mar 14, 2023 EPSS Score
- Mar 29, 2023 EPSS Score
- May 1, 2023 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-1980.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1980 advisory
- https://www.crowdstrike.com/blog/owassrf-exploit-analysis-and-recommendations/ exploit
- https://msrc.microsoft.com/update-guide advisory