CVE-2022-41040

Microsoft Exchange Server Elevation of Privilege Vulnerability

CVSS 8.8 HIGH | EPSS 99.9% | KEV | CWE-918
In short

A vulnerability in Microsoft Exchange Server allows an authenticated attacker to bypass security restrictions and gain elevated privileges on the server. This flaw could enable an attacker to take control of the email system and access sensitive data.

Technical detail

A CWE-918 (Server-Side Request Forgery) vulnerability in Exchange Server allows authenticated users to bypass authentication controls through improper validation of requests. An attacker with valid Exchange credentials can escalate privileges by manipulating backend server communications, potentially leading to remote code execution and complete system compromise.

Summary generated and translated by AI from the official description.
Microsoft Exchange Server Elevation of Privilege Vulnerability
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
