CVE-2022-41082
Microsoft Exchange Server Remote Code Execution Vulnerability
CVSS
—
Sin CVSS
EPSS
100.0%
p100
KEV
SÍ
30 sept 2022
Exploit Today
80
0-100
Publicado: — · Última mod.: —
Producto
Microsoft / Exchange Server
Vulnerabilidad
Microsoft Exchange Server Remote Code Execution Vulnerability
Añadido a KEV
30 sept 2022
Remediar antes de
21 oct 2022
Uso conocido en ransomware
Sí
Descripción resumida
Microsoft Exchange Server contains an unspecified vulnerability that allows for authenticated remote code execution. Dubbed "ProxyNotShell," this vulnerability is chainable with CVE-2022-41040 which allows for the remote code execution.
Acción requerida
Apply updates per vendor instructions.
Notas
https://msrc-blog.microsoft.com/2022/09/29/customer-guidance-for-reported-zero-day-vulnerabilities-in-microsoft-exchange-server/; https://nvd.nist.gov/vuln/detail/CVE-2022-41082