CVE-2022-41080

Warning

EPSS 93.74%
Published 09.11.2022 22:15:21
Last modified 18.02.2025 15:01:39
Source secure@microsoft.com
Teams watchlist Login
Open Login

Microsoft Exchange Server Elevation of Privilege Vulnerability

Affected products Warnungen 1 Metrics 3 CWE 0 References 4

Data is provided by the National Vulnerability Database (NVD)

Microsoft ≫ Exchange Server Version2013 Updatecumulative_update_23

Microsoft ≫ Exchange Server Version2016 Updatecumulative_update_22

Microsoft ≫ Exchange Server Version2016 Updatecumulative_update_23

Microsoft ≫ Exchange Server Version2019 Updatecumulative_update_11

Microsoft ≫ Exchange Server Version2019 Updatecumulative_update_12

10.01.2023: CISA Known Exploited Vulnerabilities (KEV) Catalog

Microsoft Exchange Server Privilege Escalation Vulnerability

Vulnerability

Microsoft Exchange Server contains an unspecified vulnerability that allows for privilege escalation. This vulnerability is chainable with CVE-2022-41082, which allows for remote code execution.

Description

Apply updates per vendor instructions.

Required actions

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	93.74%	0.999

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
secure@microsoft.com	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41080

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-41080

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-41080

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-41080

EUVD