Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
hiveproHiveForce LabHIVEPRO:E2550D26AC21BB6F731E41DD4D48AFA8
HistoryFeb 01, 2023 - 5:51 a.m.

Proof-of-concept released for Windows CryptoAPI vulnerability

2023-02-0105:51:58
HiveForce Lab
www.hivepro.com
15

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

JSON

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary CVE-2022-34689 is a critical vulnerability in Windows CryptoAPI that was publicly announced by Microsoft in October 2022. The vulnerability allows an attacker to masquerade as a legitimate entity by exploiting the assumption that the certificate cache index key, based on MD5, is collision-free.

Related

prion 1
cnvd 1
cve 1
thn 1
openvas 7
mscve 1
qualysblog 1
nessus 10
mskb 14
kaspersky 2
rapid7blog 1
prion
prion
Spoofing
2022-10-11 19:15:00
cnvd
cnvd
Microsoft Windows CryptoAPI has an unspecified vulnerability
2022-10-14 00:00:00
cve
cve
CVE-2022-34689
2022-10-11 19:15:00
thn
thn
Researchers Release PoC Exploit for Windows CryptoAPI Bug Discovered by NSA
2023-01-26 14:52:00
openvas
openvas
Microsoft Windows Spoofing Vulnerability (KB5016622)
2022-10-12 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB5016676)
2022-08-10 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB5016681)
2022-08-10 00:00:00
mscve
mscve
Windows CryptoAPI Spoofing Vulnerability
2022-10-11 07:00:00
qualysblog
qualysblog
October 2022 Patch Tuesday | Microsoft Releases 84 Vulnerabilities with 13 Critical, plus 12 Microsoft Edge (Chromium-Based); Adobe Releases 4 Advisories, 29 Vulnerabilities with 17 Critical.
2022-10-11 20:00:00
nessus
nessus
KB5016686: Windows Server 2008 Security Update (August 2022)
2022-08-09 00:00:00
KB5016679: Windows 7 and Windows Server 2008 R2 Security Update (August 2022)
2022-08-09 00:00:00
KB5016684: Windows Server 2012 Security Update (August 2022)
2022-08-09 00:00:00
mskb
mskb
August 9, 2022—KB5016669 (Monthly Rollup)
2022-10-11 07:00:00
August 9, 2022—KB5016686 (Security-only update)
2022-10-11 07:00:00
August 9, 2022—KB5016676 (Monthly Rollup)
2022-10-11 07:00:00
kaspersky
kaspersky
KLA20001 Multiple vulnerabilities in Microsoft Products (ESU)
2022-10-11 00:00:00
KLA20000 Multiple vulnerabilities in Microsoft Windows
2022-10-11 00:00:00
rapid7blog
rapid7blog
Patch Tuesday - October 2022
2022-10-11 18:35:28

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

JSON
Related for HIVEPRO:E2550D26AC21BB6F731E41DD4D48AFA8
prion1cnvd1cve1thn1openvas7mscve1qualysblog1nessus10mskb14kaspersky2rapid7blog1