CVE-2022-21907

HTTP Protocol Stack Remote Code Execution Vulnerability

CVSS 9.8 CRITICALEPSS 92.8%

HTTP Protocol Stack Remote Code Execution Vulnerability

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Produtos afetados

Microsoft · Windows 10 Version 1809 Microsoft · Windows 10 Version 20H2 Microsoft · Windows 10 Version 21H1 Microsoft · Windows 10 Version 21H2 Microsoft · Windows 11 version 21H2 Microsoft · Windows Server 2019 Microsoft · Windows Server 2019 (Server Core installation)Microsoft · Windows Server 2022 Microsoft · Windows Server version 20H2

PoCs públicas encontradas — 17

githubgithub.com/ZZ-SOCMAP/CVE-2022-21907★ 362 githubgithub.com/polakow/CVE-2022-21907★ 128 githubgithub.com/p0dalirius/CVE-2022-21907-http.sys★ 83 githubgithub.com/michelep/CVE-2022-21907-Vulnerability-PoC★ 29 githubgithub.com/mauricelambert/CVE-2022-21907★ 26 githubgithub.com/Malwareman007/CVE-2022-21907★ 17 githubgithub.com/0xmaximus/Home-Demolisher★ 8 githubgithub.com/corelight/cve-2022-21907★ 5 githubgithub.com/gpiechnik2/nmap-CVE-2022-21907★ 2 githubgithub.com/kamal-marouane/CVE-2022-21907★ 1 githubgithub.com/iveresk/cve-2022-21907-http.sys★ 1 githubgithub.com/iveresk/cve-2022-21907★ 1 githubgithub.com/cassie0206/CVE-2022-21907★ 0 githubgithub.com/EzoomE/CVE-2022-21907-RCE★ 0 githubgithub.com/asepsaepdin/CVE-2022-21907★ 0 exploitdbwww.exploit-db.com/exploits/51575não verificado cve_referencepacketstormsecurity.com/files/166730/Microsoft-HTTP-Protocol-Stack-Denial-Of-Service.htmlnão verificado

⚠ Recursos públicos, para você avaliar a exposição de sistemas que controla ou está autorizado a testar. Teste apenas com autorização.

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

http://packetstormsecurity.com/files/166730/Microsoft-HTTP-Protocol-Stack-Denial-Of-Service.html https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21907 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21907