CVE-2022-41080

Microsoft Exchange Server Elevation of Privilege Vulnerability

CVSS 8.8 HIGH | EPSS 77.3% | KEV
Vexday Risk Score: 93 (Fix now)
SSVC decision (CISA)
Act
Exploitation + impact → act immediately
CVSS 8.8 | EPSS 77.3% | KEV: yes | Public PoC | Nuclei | Metasploit | Patch referenced
Lifecycle
09 Nov 2022: Published on NVD
23 Dec 2022: Public PoC
10 Jan 2023: Active exploitation (CISA KEV)
Recommendation: Patch as soon as possible — active exploitation confirmed.
In short

A flaw in Microsoft Exchange Server allows an authenticated attacker to gain higher system privileges than they should have. This is dangerous because an attacker with basic access could potentially take full control of the email server.

Technical detail

This elevation of privilege vulnerability in Microsoft Exchange Server affects authenticated users and can be exploited through the Exchange management interface or OWA (Outlook Web Access). Successful exploitation allows an attacker to escalate from standard user privileges to administrative privileges, compromising the integrity and confidentiality of the entire Exchange infrastructure.

Summary generated and translated by AI from the official description.
Microsoft Exchange Server Elevation of Privilege Vulnerability
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
