CVE-2022-41082
Microsoft Exchange Server Remote Code Execution Vulnerability
In short
A vulnerability in Microsoft Exchange Server allows an attacker with valid credentials to execute arbitrary code remotely on the server. This is critical because Exchange handles sensitive email data, and compromising it can lead to complete system takeover.
Technical detail
The flaw is a deserialization of untrusted data issue (CWE-502). An authenticated attacker can send specially crafted requests to vulnerable Exchange services, bypass security restrictions and achieve remote code execution. The attack requires valid user credentials and targets the deserialization process; the resulting code runs with Exchange service privileges.
Summary generated and translated by AI from the official description.
Microsoft Exchange Server Remote Code Execution Vulnerability
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Affected products
Microsoft · Microsoft Exchange Server 2013 Cumulative Update 23
Microsoft · Microsoft Exchange Server 2016 Cumulative Update 22
Microsoft · Microsoft Exchange Server 2016 Cumulative Update 23
Microsoft · Microsoft Exchange Server 2019 Cumulative Update 11
Microsoft · Microsoft Exchange Server 2019 Cumulative Update 12
public PoCs found — 10
github · github.com/balki97/OWASSRF-CVE-2022-41082-POC · ★ 93
github · github.com/Diverto/nse-exchange · ★ 80
github · github.com/notareaperbutDR34P3r/http-vuln-CVE-2022-41082 · ★ 3
github · github.com/soltanali0/CVE-2022-41082 · ★ 3
github · github.com/sikkertech/CVE-2022-41082 · ★ 2
github · github.com/SUPRAAA-1337/CVE-2022-41082 · ★ 2
github · github.com/bigherocenter/CVE-2022-41082-POC · ★ 1
github · github.com/CyprianAtsyor/LetsDefend-CVE-2022-41082-Exploitation-Attempt · ★ 0
github · github.com/notareaperbutDR34P3r/vuln-CVE-2022-41082 · ★ 0
cve_reference · packetstormsecurity.com/files/170066/Microsoft-Exchange-ProxyNotShell-Remote-Code-Execution.html · unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://packetstormsecurity.com/files/170066/Microsoft-Exchange-ProxyNotShell-Remote-Code-Execution.html
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41082
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41082
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-41082
https://www.kb.cert.org/vuls/id/915563
https://www.secpod.com/blog/microsoft-november-2022-patch-tuesday-patches-65-vulnerabilities-including-6-zero-days/
https://www.vicarius.io/vsociety/posts/cve-2022-41082-microsoft-exchange-server-remote-code-execution-vulnerability-detection-script
https://www.vicarius.io/vsociety/posts/cve-2022-41082-microsoft-exchange-server-remote-code-execution-vulnerability-mitigation-script