Lucene search

Basic search
Lucene search
Search by product

Database

Vendors

[email protected]NVD:CVE-2022-41040

HistoryOct 03, 2022 - 1:15 a.m.

CVE-2022-41040

Vulners
Nvd
CVE-2022-41040

2022-10-0301:15:08

CWE-918

[email protected]

web.nvd.nist.gov

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.967 High

EPSS

Percentile

99.7%

JSON

Microsoft Exchange Server Elevation of Privilege Vulnerability

Affected configurations

NVD

Node

microsoftexchange_serverMatch2013cumulative_update_23

microsoftexchange_serverMatch2016cumulative_update_22

microsoftexchange_serverMatch2016cumulative_update_23

microsoftexchange_serverMatch2019cumulative_update_11

microsoftexchange_serverMatch2019cumulative_update_12

References

packetstormsecurity.com/files/170066/Microsoft-Exchange-ProxyNotShell-Remote-Code-Execution.html

portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41040

www.kb.cert.org/vuls/id/915563

www.secpod.com/blog/microsoft-november-2022-patch-tuesday-patches-65-vulnerabilities-including-6-zero-days/

githubexploit 12

zdi 1

attackerkb 2

hackerone 1

mscve 1

cnvd 1

cvelist 1

prion 1

cve 1

msrc 3

cisa_kev 2

mssecure 2

nessus 3

packetstorm 1

rapid7blog 4

thn 10

cisa 1

checkpoint_advisories 1

wordfence 1

hackread 1

krebs 2

malwarebytes 3

qualysblog 4

cert 1

talosblog 4

hivepro 1

kaspersky 1

akamaiblog 1

metasploit 1

mmpc 2

impervablog 1

ics 1

securelist 2

trellix 2

mskb 1

avleonov 2

githubexploit

Exploit for CVE-2022-41040

2022-09-30 18:25:21

Exploit for Improper Privilege Management in Microsoft

2022-10-06 08:18:55

Exploit for Improper Privilege Management in Microsoft

2022-10-20 22:14:04

zdi

Microsoft Exchange Autodiscover Server-Side Request Forgery Privilege Escalation Vulnerability

2022-10-17 00:00:00

attackerkb

CVE-2022-41040

2022-10-03 00:00:00

CVE-2022-41082

2022-10-03 00:00:00

hackerone

Acronis: mail.acronis.com is vulnerable to zero day vulnerability CVE-2022-41040

2022-10-02 08:47:22

mscve

Microsoft Exchange Server Elevation of Privilege Vulnerability

2022-09-30 07:00:00

cnvd

Microsoft Exchange Server Elevation of Privilege Vulnerability (CNVD-2022-67837)

2022-10-08 00:00:00

cvelist

CVE-2022-41040 Microsoft Exchange Server Elevation of Privilege Vulnerability

2022-10-03 00:00:00

prion

Privilege escalation

2022-10-03 01:15:00

cve

CVE-2022-41040

2022-10-03 01:15:08

msrc

Customer Guidance for Reported Zero-day Vulnerabilities in Microsoft Exchange Server

2022-09-30 06:55:00

Customer Guidance for Reported Zero-day Vulnerabilities in Microsoft Exchange Server

2022-09-30 07:00:00

Customer Guidance for Reported Zero-day Vulnerabilities in Microsoft Exchange Server

2022-09-30 07:00:00

cisa_kev

Microsoft Exchange Server Remote Code Execution Vulnerability

2022-09-30 00:00:00

Microsoft Exchange Server Server-Side Request Forgery Vulnerability

2022-09-30 00:00:00

mssecure

Analyzing attacks using the Exchange vulnerabilities CVE-2022-41040 and CVE-2022-41082

2022-10-01 04:21:00

Cadet Blizzard emerges as a novel and distinct Russian threat actor

2023-06-14 16:00:00

nessus

Microsoft Exchange Server October 2022 Zero-day Vulnerabilities (ProxyNotShell)

2022-10-05 00:00:00

Potential exposure to Microsoft Exchange CVE-2022-41040 / CVE-2022-41082 Exploit

2022-10-03 00:00:00

Security Updates for Microsoft Exchange Server (Nov 2022)

2022-11-11 00:00:00

packetstorm

Microsoft Exchange ProxyNotShell Remote Code Execution

2022-11-30 00:00:00

rapid7blog

CVE-2022-41040 and CVE-2022-41082: Unpatched Zero-Day Vulnerabilities in Microsoft Exchange Server

2022-09-29 20:50:50

Year in Review: Rapid7 Vulnerability Management

2023-01-09 17:00:00

Patch Tuesday - November 2022

2022-11-08 20:02:57

thn

Microsoft Confirms 2 New Exchange Zero-Day Flaws Being Used in the Wild

2022-09-30 09:01:00

Mitigation for Exchange Zero-Days Bypassed! Microsoft Issues New Workarounds

2022-10-05 05:31:00

Microsoft Issues Improved Mitigations for Unpatched Exchange Server Vulnerabilities

2022-10-08 05:13:00

cisa

Microsoft Releases Guidance on Zero-Day Vulnerabilities in Microsoft Exchange Server

2022-09-30 00:00:00

checkpoint_advisories

Microsoft Exchange Server Remote Code Execution (CVE-2022-41082; CVE-2022-41040)

2022-10-03 00:00:00

wordfence

Two Weeks of Monitoring ProxyNotShell (CVE-2022-41040 & CVE-2022-41082) Threat Activity

2022-10-19 16:01:59

hackread

Microsoft Confirms Two 0-Days Being Exploited Against Exchange Servers

2022-09-30 17:56:35

krebs

Microsoft: Two New 0-Day Flaws in Exchange Server

2022-09-30 16:51:57

Patch Tuesday, November 2022 Election Edition

2022-11-09 01:50:14

malwarebytes

[updated]Two new Exchange Server zero-days in the wild

2022-09-30 13:00:00

Rackspace confirms it suffered a ransomware attack

2022-12-08 12:00:00

Update now! October patch Tuesday fixes actively used zero-day...but not the one you expected

2022-10-12 17:45:00

qualysblog

Qualys Response to ProxyNotShell Microsoft Exchange Server Zero-Day Threat Using Qualys Cloud Platform

2022-09-30 23:25:55

Qualys Research Team: Threat Thursdays, October 2022

2022-10-28 00:58:53

October 2022 Patch Tuesday | Microsoft Releases 84 Vulnerabilities with 13 Critical, plus 12 Microsoft Edge (Chromium-Based); Adobe Releases 4 Advisories, 29 Vulnerabilities with 17 Critical.

2022-10-11 20:00:00

cert

Microsoft Exchange vulnerable to server-side request forgery and remote code execution.

2022-10-03 00:00:00

talosblog

Threat Source newsletter (Oct. 6, 2022) — Continuing down the Privacy Policy rabbit hole

2022-10-06 18:00:00

Threat Advisory: Microsoft warns of actively exploited vulnerabilities in Exchange Server

2022-09-30 21:16:00

Threat Source newsletter (Oct. 6, 2022) — Continuing down the Privacy Policy rabbit hole

2022-10-06 18:00:00

hivepro

Unpatched zero-day vulnerabilities of Microsoft Exchange Server

2022-09-30 10:21:56

kaspersky

KLA19264 Multiple vulnerabilities in Microsoft Server Software

2022-09-30 00:00:00

akamaiblog

Akamai?s Response to Zero-Day Vulnerabilities in Microsoft Exchange Server (CVE-2022-41040 and CVE-2022-41082)

2022-10-03 09:00:00

metasploit

Microsoft Exchange ProxyNotShell RCE

2022-11-18 22:00:27

mmpc

Analyzing attacks using the Exchange vulnerabilities CVE-2022-41040 and CVE-2022-41082

2022-10-01 04:21:00

Cadet Blizzard emerges as a novel and distinct Russian threat actor

2023-06-14 16:00:00

impervablog

Microsoft Exchange Server Vulnerabilities CVE-2022-41040 and CVE-2022-41082

2022-09-30 16:47:34

ics

#StopRansomware: Play Ransomware

2023-12-18 12:00:00

securelist

CVE-2022-41040 and CVE-2022-41082 – zero-days in MS Exchange

2022-12-19 16:15:49

IT threat evolution in Q3 2022. Non-mobile statistics

2022-11-18 08:10:34

trellix

The Bug Report October 2022 Edition

2022-11-02 00:00:00

The Bug Report October 2022 Edition

2022-11-02 00:00:00

mskb

Description of the security update for Microsoft Exchange Server 2019, 2016, and 2013: November 8, 2022 (KB5019758)

2022-11-08 08:00:00

avleonov

Microsoft Patch Tuesday October 2022: Exchange ProxyNotShell RCE, Windows COM+ EoP, AD EoP, Azure Arc Kubernetes EoP

2022-10-29 08:37:59

Microsoft Patch Tuesday November 2022: Exchange ProxyNotShell RCE, JScript9, MoTW, OpenSSL, Edge, CNG, Print Spooler

2022-11-25 20:56:48

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.967 High

EPSS

Percentile

99.7%

JSON

Related for NVD:CVE-2022-41040

githubexploit12 zdi1 attackerkb2 hackerone1 mscve1 cnvd1 cvelist1 prion1 cve1 msrc3 cisa_kev2 mssecure2 nessus3 packetstorm1 rapid7blog4 thn10 cisa1 checkpoint_advisories1 wordfence1 hackread1 krebs2 malwarebytes3 qualysblog4 cert1 talosblog4 hivepro1 kaspersky1 akamaiblog1 metasploit1 mmpc2 impervablog1 ics1 securelist2 trellix2 mskb1 avleonov2