Lucene search

CVE-2022-26923

🗓️ 10 May 2022 21:10:15Reported by microsoftType

cve🔗 web.nvd.nist.gov📰️ 10 Media mentions👁 961 Views🌐 WEB

Active Directory Domain Services Elevation of Privilege Vulnerability - CVE-2022-2692

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 58
Cvelist	CVE-2022-26923 Active Directory Domain Services Elevation of Privilege Vulnerability	10 May 202220:33	–	cvelist
AttackerKB	CVE-2022-26923	10 May 202200:00	–	attackerkb
AttackerKB	CVE-2022–26923 aka Certifried	21 Dec 202300:00	–	attackerkb
Prion	Privilege escalation	10 May 202221:15	–	prion
Zero Day Initiative	Microsoft Windows Active Directory Certificate Services Improper Authorization Privilege Escalation Vulnerability	10 May 202200:00	–	zdi
Microsoft CVE	Active Directory Domain Services Elevation of Privilege Vulnerability	10 May 202207:00	–	mscve
GithubExploit	Exploit for Improper Certificate Validation in Microsoft	17 Aug 202221:13	–	githubexploit
GithubExploit	Exploit for Improper Certificate Validation in Microsoft	17 Oct 202306:29	–	githubexploit
GithubExploit	Exploit for Improper Certificate Validation in Microsoft	28 Nov 202316:13	–	githubexploit
NVD	CVE-2022-26923	10 May 202221:15	–	nvd

Nvd

Vulners

Node

microsoft windows_10_1507Range<10.0.10240.19297

microsoft windows_10_1607Range<10.0.14393.5850

microsoft windows_10_1809Range<10.0.17763.4252

microsoft windows_10_1909Range<10.0.18363.2274

microsoft windows_10_20h2Range<10.0.19042.1706

microsoft windows_10_21h1Range<10.0.19043.1706

microsoft windows_10_21h2Range<10.0.19044.1706

microsoft windows_11_21h2Range<10.0.22000.1817

microsoft windows_8.1Match-

microsoft windows_rt_8.1Match-

microsoft windows_server_2012Matchr2

microsoft windows_server_2016Range<10.0.14393.5850

microsoft windows_server_2019Range<10.0.17763.4252

microsoft windows_server_2022Range<10.0.20348.1668

[
  {
    "vendor": "Microsoft",
    "product": "Windows 10 Version 1809",
    "platforms": [
      "32-bit Systems",
      "x64-based Systems"
    ],
    "versions": [
      {
        "version": "10.0.17763.0",
        "lessThan": "10.0.17763.4252",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Windows 10 Version 1809",
    "platforms": [
      "ARM64-based Systems"
    ],
    "versions": [
      {
        "version": "10.0.0",
        "lessThan": "10.0.17763.4252",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Windows Server 2019",
    "platforms": [
      "x64-based Systems"
    ],
    "versions": [
      {
        "version": "10.0.17763.0",
        "lessThan": "10.0.17763.4252",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Windows Server 2019 (Server Core installation)",
    "platforms": [
      "x64-based Systems"
    ],
    "versions": [
      {
        "version": "10.0.17763.0",
        "lessThan": "10.0.17763.4252",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Windows 10 Version 1909",
    "platforms": [
      "32-bit Systems",
      "x64-based Systems",
      "ARM64-based Systems"
    ],
    "versions": [
      {
        "version": "10.0.0",
        "lessThan": "10.0.18363.2274",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Windows 10 Version 21H1",
    "platforms": [
      "x64-based Systems",
      "ARM64-based Systems",
      "32-bit Systems"
    ],
    "versions": [
      {
        "version": "10.0.0",
        "lessThan": "10.0.19043.1706",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Windows Server 2022",
    "platforms": [
      "x64-based Systems"
    ],
    "versions": [
      {
        "version": "10.0.20348.0",
        "lessThan": "10.0.20348.1668",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Windows 10 Version 20H2",
    "platforms": [
      "32-bit Systems",
      "ARM64-based Systems"
    ],
    "versions": [
      {
        "version": "10.0.0",
        "lessThan": "10.0.19042.1706",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Windows Server version 20H2",
    "platforms": [
      "x64-based Systems"
    ],
    "versions": [
      {
        "version": "10.0.0",
        "lessThan": "10.0.19042.1706",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Windows 11 version 21H2",
    "platforms": [
      "x64-based Systems",
      "ARM64-based Systems"
    ],
    "versions": [
      {
        "version": "10.0.0",
        "lessThan": "10.0.22000.1817",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Windows 10 Version 21H2",
    "platforms": [
      "32-bit Systems",
      "ARM64-based Systems",
      "x64-based Systems"
    ],
    "versions": [
      {
        "version": "10.0.19043.0",
        "lessThan": "10.0.19043.1706",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Windows 10 Version 1507",
    "platforms": [
      "32-bit Systems",
      "x64-based Systems"
    ],
    "versions": [
      {
        "version": "10.0.10240.0",
        "lessThan": "10.0.10240.19297",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Windows 10 Version 1607",
    "platforms": [
      "32-bit Systems",
      "x64-based Systems"
    ],
    "versions": [
      {
        "version": "10.0.14393.0",
        "lessThan": "10.0.14393.5850",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Windows Server 2016",
    "platforms": [
      "x64-based Systems"
    ],
    "versions": [
      {
        "version": "10.0.14393.0",
        "lessThan": "10.0.14393.5850",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Windows Server 2016 (Server Core installation)",
    "platforms": [
      "x64-based Systems"
    ],
    "versions": [
      {
        "version": "10.0.14393.0",
        "lessThan": "10.0.14393.5850",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Windows 8.1",
    "platforms": [
      "32-bit Systems",
      "x64-based Systems",
      "ARM64-based Systems"
    ],
    "versions": [
      {
        "version": "6.3.0",
        "lessThan": "6.3.9600.20371",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Windows Server 2012 R2",
    "platforms": [
      "x64-based Systems"
    ],
    "versions": [
      {
        "version": "6.3.9600.0",
        "lessThan": "6.3.9600.20919",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Windows Server 2012 R2 (Server Core installation)",
    "platforms": [
      "x64-based Systems"
    ],
    "versions": [
      {
        "version": "6.3.9600.0",
        "lessThan": "6.3.9600.20919",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  }
]

Source	Link
msrc	www.msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26923
portal	www.portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-26923

Parameter	Position	Path	Description	CWE
DC_NAME	request body	/REQUEST_CERT	Exploits a vulnerability in Active Directory Certificate Services to generate a valid certificate that impersonates the Domain Controller.	CWE-295
LDAP_PORT	request body	/REQUEST_CERT	Exploits a vulnerability in Active Directory Certificate Services to generate a valid certificate that impersonates the Domain Controller.	CWE-295
DOMAIN	request body	/REQUEST_CERT	Exploits a vulnerability in Active Directory Certificate Services to generate a valid certificate that impersonates the Domain Controller.	CWE-295
USERNAME	request body	/REQUEST_CERT	Exploits a vulnerability in Active Directory Certificate Services to generate a valid certificate that impersonates the Domain Controller.	CWE-295
PASSWORD	request body	/REQUEST_CERT	Exploits a vulnerability in Active Directory Certificate Services to generate a valid certificate that impersonates the Domain Controller.	CWE-295
SPN	request body	/REQUEST_CERT	Exploits a vulnerability in Active Directory Certificate Services to generate a valid certificate that impersonates the Domain Controller.	CWE-295
IMPERSONATE	request body	/REQUEST_CERT	Exploits a vulnerability in Active Directory Certificate Services to generate a valid certificate that impersonates the Domain Controller.	CWE-295

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

10 May 2022 21:15Current

9.2High risk

Vulners AI Score9.2

CVSS29

CVSS38.8

EPSS0.91352