CVE-2022-31199
Netwrix Auditor Insecure Object Deserialization Vulnerability
CVSS
—
Sin CVSS
EPSS
36.0%
p98
KEV
SÍ
11 jul 2023
Exploit Today
79
0-100
Publicado: — · Última mod.: —
Producto
Netwrix / Auditor
Vulnerabilidad
Netwrix Auditor Insecure Object Deserialization Vulnerability
Añadido a KEV
11 jul 2023
Remediar antes de
1 ago 2023
Uso conocido en ransomware
Sí
Descripción resumida
Netwrix Auditor User Activity Video Recording component contains an insecure objection deserialization vulnerability that allows an unauthenticated, remote attacker to execute code as the NT AUTHORITY\SYSTEM user. Successful exploitation requires that the attacker is able to reach port 9004/TCP, which is commonly blocked by standard enterprise firewalling.
Acción requerida
Apply updates per vendor instructions or discontinue use of the product if updates are unavailable.
Notas
Patch application requires login to customer portal: https://security.netwrix.com/Account/SignIn?ReturnUrl=%2FAdvisories%2FADV-2022-003; https://nvd.nist.gov/vuln/detail/CVE-2022-31199
Sin CVEs relacionados por CWE o producto.