cvelistv5 - cve-2022-41040

CVE-2022-41040 (GCVE-0-2022-41040)

Vulnerability from cvelistv5

Published

2022-10-03 00:00

Modified

2025-07-30 01:37

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

CWE

Elevation of Privilege

Summary

Microsoft Exchange Server Elevation of Privilege Vulnerability

References

►

URL

CISA Known exploited vulnerability

Data from the Known Exploited Vulnerabilities Catalog

Date added: 2022-09-30

Due date: 2022-10-21

Required action: Apply updates per vendor instructions.

Used in ransomware: Known

Notes: https://msrc-blog.microsoft.com/2022/09/29/customer-guidance-for-reported-zero-day-vulnerabilities-in-microsoft-exchange-server/; https://nvd.nist.gov/vuln/detail/CVE-2022-41040

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T12:35:49.189Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41040"
          },
          {
            "name": "VU#915563",
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "https://www.kb.cert.org/vuls/id/915563"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/170066/Microsoft-Exchange-ProxyNotShell-Remote-Code-Execution.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.secpod.com/blog/microsoft-november-2022-patch-tuesday-patches-65-vulnerabilities-including-6-zero-days/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-41040",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-02-23T21:11:09.910371Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2022-09-30",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-41040"
              },
              "type": "kev"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-918",
                "description": "CWE-918 Server-Side Request Forgery (SSRF)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-30T01:37:37.111Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "timeline": [
          {
            "lang": "en",
            "time": "2022-09-30T00:00:00+00:00",
            "value": "CVE-2022-41040 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft Exchange Server 2013 Cumulative Update 23",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.00.1497.044",
              "status": "affected",
              "version": "15.00.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft Exchange Server 2016 Cumulative Update 22",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.01.2375.037",
              "status": "affected",
              "version": "15.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft Exchange Server 2019 Cumulative Update 11",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.02.0986.036",
              "status": "affected",
              "version": "15.02.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft Exchange Server 2019 Cumulative Update 12",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.02.1118.020",
              "status": "affected",
              "version": "15.02.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft Exchange Server 2016 Cumulative Update 23",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.01.2507.016",
              "status": "affected",
              "version": "15.01.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*",
                  "versionEndExcluding": "15.00.1497.044",
                  "versionStartIncluding": "15.00.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_22:*:*:*:*:*:*",
                  "versionEndExcluding": "15.01.2375.037",
                  "versionStartIncluding": "15.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_11:*:*:*:*:*:*",
                  "versionEndExcluding": "15.02.0986.036",
                  "versionStartIncluding": "15.02.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_12:*:*:*:*:*:*",
                  "versionEndExcluding": "15.02.1118.020",
                  "versionStartIncluding": "15.02.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*",
                  "versionEndExcluding": "15.01.2507.016",
                  "versionStartIncluding": "15.01.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2022-09-30T07:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Microsoft Exchange Server Elevation of Privilege Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Elevation of Privilege",
              "lang": "en-US",
              "type": "Impact"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-03-11T16:10:48.981Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Microsoft Exchange Server Elevation of Privilege Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41040"
        }
      ],
      "title": "Microsoft Exchange Server Elevation of Privilege Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2022-41040",
    "datePublished": "2022-10-03T00:00:00.000Z",
    "dateReserved": "2022-09-19T00:00:00.000Z",
    "dateUpdated": "2025-07-30T01:37:37.111Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "cisa_known_exploited": {
      "cveID": "CVE-2022-41040",
      "cwes": "[\"CWE-918\"]",
      "dateAdded": "2022-09-30",
      "dueDate": "2022-10-21",
      "knownRansomwareCampaignUse": "Known",
      "notes": "https://msrc-blog.microsoft.com/2022/09/29/customer-guidance-for-reported-zero-day-vulnerabilities-in-microsoft-exchange-server/;  https://nvd.nist.gov/vuln/detail/CVE-2022-41040",
      "product": "Exchange Server",
      "requiredAction": "Apply updates per vendor instructions.",
      "shortDescription": "Microsoft Exchange Server allows for server-side request forgery. Dubbed \"ProxyNotShell,\" this vulnerability is chainable with CVE-2022-41082 which allows for remote code execution.",
      "vendorProject": "Microsoft",
      "vulnerabilityName": "Microsoft Exchange Server Server-Side Request Forgery Vulnerability"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-41040\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2022-10-03T01:15:08.753\",\"lastModified\":\"2025-02-24T15:48:30.437\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Microsoft Exchange Server Elevation of Privilege Vulnerability\"},{\"lang\":\"es\",\"value\":\"Una Vulnerabilidad de Elevaci\u00f3n de Privilegios en Microsoft Exchange Server\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"secure@microsoft.com\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}]},\"cisaExploitAdd\":\"2022-09-30\",\"cisaActionDue\":\"2022-10-21\",\"cisaRequiredAction\":\"Apply updates per vendor instructions.\",\"cisaVulnerabilityName\":\"Microsoft Exchange Server Server-Side Request Forgery Vulnerability\",\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-918\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-918\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_23:*:*:*:*:*:*\",\"matchCriteriaId\":\"DA166F2A-D83B-4D50-AD0B-668D813E0585\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_22:*:*:*:*:*:*\",\"matchCriteriaId\":\"449CE85B-E599-44D3-A7C1-5133F6A55E86\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_23:*:*:*:*:*:*\",\"matchCriteriaId\":\"FF76AEDA-E574-40ED-B64F-8FDEF8CAC802\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_11:*:*:*:*:*:*\",\"matchCriteriaId\":\"435343A4-BF10-461A-ABF2-D511A5FBDA75\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_12:*:*:*:*:*:*\",\"matchCriteriaId\":\"B23C8E3E-5243-4DA6-B9AA-F6053084B55E\"}]}]}],\"references\":[{\"url\":\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41040\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://packetstormsecurity.com/files/170066/Microsoft-Exchange-ProxyNotShell-Remote-Code-Execution.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41040\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mitigation\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://www.kb.cert.org/vuls/id/915563\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://www.secpod.com/blog/microsoft-november-2022-patch-tuesday-patches-65-vulnerabilities-including-6-zero-days/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"cna\": {\"title\": \"Microsoft Exchange Server Elevation of Privilege Vulnerability\", \"datePublic\": \"2022-09-30T07:00:00.000Z\", \"cpeApplicability\": [{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*\", \"versionStartIncluding\": \"15.00.0\", \"versionEndExcluding\": \"15.00.1497.044\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_22:*:*:*:*:*:*\", \"versionStartIncluding\": \"15.0.0\", \"versionEndExcluding\": \"15.01.2375.037\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_11:*:*:*:*:*:*\", \"versionStartIncluding\": \"15.02.0\", \"versionEndExcluding\": \"15.02.0986.036\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_12:*:*:*:*:*:*\", \"versionStartIncluding\": \"15.02.0\", \"versionEndExcluding\": \"15.02.1118.020\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*\", \"versionStartIncluding\": \"15.01.0\", \"versionEndExcluding\": \"15.01.2507.016\"}]}]}], \"affected\": [{\"vendor\": \"Microsoft\", \"product\": \"Microsoft Exchange Server 2013 Cumulative Update 23\", \"platforms\": [\"x64-based Systems\"], \"versions\": [{\"version\": \"15.00.0\", \"lessThan\": \"15.00.1497.044\", \"versionType\": \"custom\", \"status\": \"affected\"}]}, {\"vendor\": \"Microsoft\", \"product\": \"Microsoft Exchange Server 2016 Cumulative Update 22\", \"platforms\": [\"x64-based Systems\"], \"versions\": [{\"version\": \"15.0.0\", \"lessThan\": \"15.01.2375.037\", \"versionType\": \"custom\", \"status\": \"affected\"}]}, {\"vendor\": \"Microsoft\", \"product\": \"Microsoft Exchange Server 2019 Cumulative Update 11\", \"platforms\": [\"x64-based Systems\"], \"versions\": [{\"version\": \"15.02.0\", \"lessThan\": \"15.02.0986.036\", \"versionType\": \"custom\", \"status\": \"affected\"}]}, {\"vendor\": \"Microsoft\", \"product\": \"Microsoft Exchange Server 2019 Cumulative Update 12\", \"platforms\": [\"x64-based Systems\"], \"versions\": [{\"version\": \"15.02.0\", \"lessThan\": \"15.02.1118.020\", \"versionType\": \"custom\", \"status\": \"affected\"}]}, {\"vendor\": \"Microsoft\", \"product\": \"Microsoft Exchange Server 2016 Cumulative Update 23\", \"platforms\": [\"x64-based Systems\"], \"versions\": [{\"version\": \"15.01.0\", \"lessThan\": \"15.01.2507.016\", \"versionType\": \"custom\", \"status\": \"affected\"}]}], \"descriptions\": [{\"value\": \"Microsoft Exchange Server Elevation of Privilege Vulnerability\", \"lang\": \"en-US\"}], \"problemTypes\": [{\"descriptions\": [{\"description\": \"Elevation of Privilege\", \"lang\": \"en-US\", \"type\": \"Impact\"}]}], \"providerMetadata\": {\"orgId\": \"f38d906d-7342-40ea-92c1-6c4a2c6478c8\", \"shortName\": \"microsoft\", \"dateUpdated\": \"2025-03-11T16:10:48.981Z\"}, \"references\": [{\"name\": \"Microsoft Exchange Server Elevation of Privilege Vulnerability\", \"tags\": [\"vendor-advisory\"], \"url\": \"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41040\"}], \"metrics\": [{\"format\": \"CVSS\", \"scenarios\": [{\"lang\": \"en-US\", \"value\": \"GENERAL\"}], \"cvssV3_1\": {\"version\": \"3.1\", \"baseSeverity\": \"HIGH\", \"baseScore\": 8.8, \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C\"}}]}, \"adp\": [{\"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T12:35:49.189Z\"}, \"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41040\", \"tags\": [\"x_transferred\"]}, {\"name\": \"VU#915563\", \"tags\": [\"third-party-advisory\", \"x_transferred\"], \"url\": \"https://www.kb.cert.org/vuls/id/915563\"}, {\"url\": \"http://packetstormsecurity.com/files/170066/Microsoft-Exchange-ProxyNotShell-Remote-Code-Execution.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.secpod.com/blog/microsoft-november-2022-patch-tuesday-patches-65-vulnerabilities-including-6-zero-days/\", \"tags\": [\"x_transferred\"]}]}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-41040\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-02-23T21:11:09.910371Z\"}}}, {\"other\": {\"type\": \"kev\", \"content\": {\"dateAdded\": \"2022-09-30\", \"reference\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-41040\"}}}], \"timeline\": [{\"time\": \"2022-09-30T00:00:00+00:00\", \"lang\": \"en\", \"value\": \"CVE-2022-41040 added to CISA KEV\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-918\", \"description\": \"CWE-918 Server-Side Request Forgery (SSRF)\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-02-04T18:34:35.585Z\"}}]}",
      "cveMetadata": "{\"state\": \"PUBLISHED\", \"cveId\": \"CVE-2022-41040\", \"assignerOrgId\": \"f38d906d-7342-40ea-92c1-6c4a2c6478c8\", \"assignerShortName\": \"microsoft\", \"dateUpdated\": \"2025-07-30T01:37:37.111Z\", \"dateReserved\": \"2022-09-19T00:00:00.000Z\", \"datePublished\": \"2022-10-03T00:00:00.000Z\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

ghsa-6ph7-8wxv-6gf2

Vulnerability from github

Published

2022-10-04 00:00

Modified

2025-01-02 21:31

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

Microsoft Exchange Server Elevation of Privilege Vulnerability.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2022-41040"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269",
      "CWE-918"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-10-03T01:15:00Z",
    "severity": "HIGH"
  },
  "details": "Microsoft Exchange Server Elevation of Privilege Vulnerability.",
  "id": "GHSA-6ph7-8wxv-6gf2",
  "modified": "2025-01-02T21:31:39Z",
  "published": "2022-10-04T00:00:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41040"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41040"
    },
    {
      "type": "WEB",
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41040"
    },
    {
      "type": "WEB",
      "url": "https://www.kb.cert.org/vuls/id/915563"
    },
    {
      "type": "WEB",
      "url": "https://www.secpod.com/blog/microsoft-november-2022-patch-tuesday-patches-65-vulnerabilities-including-6-zero-days"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/170066/Microsoft-Exchange-ProxyNotShell-Remote-Code-Execution.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

gsd-2022-41040

Vulnerability from gsd

Modified

2023-12-13 01:19

Details

Microsoft Exchange Server Elevation of Privilege Vulnerability.

Aliases

CVE-2022-41040

Aliases

CVE-2022-41040

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2022-41040",
    "id": "GSD-2022-41040"
  },
  "gsd": {
    "affected": [
      {
        "package": {
          "ecosystem": "Microsoft",
          "name": "Exchange Server 2019"
        },
        "ranges": [
          {
            "events": [
              {
                "introduced": "Cumulative Update 11"
              }
            ],
            "type": "SEMVER"
          }
        ],
        "versions": [
          "Microsoft Exchange Server 2019 Cumulative Update 11",
          "Microsoft Exchange Server 2019 Cumulative Update 12"
        ]
      },
      {
        "package": {
          "ecosystem": "Microsoft",
          "name": "Exchange Server 2016"
        },
        "ranges": [
          {
            "events": [
              {
                "introduced": "Cumulative Update 22"
              }
            ],
            "type": "SEMVER"
          }
        ],
        "versions": [
          "Microsoft Exchange Server 2016 Cumulative Update 22",
          "Microsoft Exchange Server 2016 Cumulative Update 23"
        ]
      },
      {
        "package": {
          "ecosystem": "Microsoft",
          "name": "Exchange Server 2013"
        },
        "ranges": [
          {
            "events": [
              {
                "introduced": "Cumulative Update 23"
              }
            ],
            "type": "SEMVER"
          }
        ],
        "versions": [
          "Microsoft Exchange Server 2013 Cumulative Update 23"
        ]
      }
    ],
    "description": "It was originally reported that an undisclosed flaw in Microsoft Exchange Server version 2019 and possibly earlier allowed for remote code execution. Confirmation was not available at the time of the release of the original GSD identifiers (GSD-2022-1006324 and GSD-2022-1006325) however, since then, Microsoft has confirmed that these two issues can be combined to gain remote code execution (an SSRF and a Remote Code Execution via Powershell). Microsoft has assigned CVE ID\u0027s for these two issues, as such the original GSD Identifiers have been withdrawn, and the corresponding GSD ID\u0027s for the CVE ID\u0027s have been populated with data (the file you are currently reading). \n\n This issue was originally reported and also reportedly confirmed as ZDI-CAN-18333 (CVSS score of 8.8) and ZDI-CAN-18802 (CVSS score of 6.3). \n\n Microsoft now reports the following: \n\n # Summary \n\n Microsoft is investigating two reported zero-day vulnerabilities affecting Microsoft Exchange Server 2013, 2016, and 2019. The first vulnerability, identified as CVE-2022-41040, is a Server-Side Request Forgery (SSRF)  vulnerability, while the second, identified as CVE-2022-41082, allows remote code execution (RCE) when PowerShell is accessible to the attacker. \n\n At this time, Microsoft is aware of limited targeted attacks using the two vulnerabilities to get into users\u2019 systems.  In these attacks, CVE-2022-41040 can enable an authenticated attacker to remotely trigger CVE-2022-41082. It should be noted that authenticated access to the vulnerable Exchange Server is necessary to successfully exploit either of the two vulnerabilities. \n\n We are working on an accelerated timeline to release a fix. Until then, we\u2019re providing the mitigations and detection guidance below to help customers protect themselves from these attacks. \n\n Microsoft Exchange Online has detections and mitigation in place to protect customers. Microsoft is also monitoring these already deployed detections for malicious activity and will take necessary response actions to protect customers. \n\n We will continue to provide updates here to help keep customers informed. \n\n # Mitigations \n\n Mitigation information is available at https://msrc-blog.microsoft.com/2022/09/29/customer-guidance-for-reported-zero-day-vulnerabilities-in-microsoft-exchange-server/ \n\n # Detections \n\n Detection information is available at https://msrc-blog.microsoft.com/2022/09/29/customer-guidance-for-reported-zero-day-vulnerabilities-in-microsoft-exchange-server/ \n\n # Updates \n\n September 30, 2022 updates: \n\n Microsoft created a script for the URL Rewrite mitigation steps and modified step 6 in the Mitigations section. \n Antimalware Scan Interface (AMSI) guidance, and auditing AV exclusions to optimize detection, and blocking of the Exchange vulnerability exploitation. \n Microsoft Sentinel hunting queries \n\n ## Detection \n\n Fast Fuzzer (written in Go) can detect this: \n\n ffuf -w \"urllist.txt:URL\" -u \"https://URL/autodiscover/autodiscover.json?@URL/\u0026Email=autodiscover/autodiscover.json%3f@URL\" -mr \"IIS Web Core\" -r \n\n",
    "id": "GSD-2022-41040",
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "modified": "2022-10-09T09:50:18.511745266Z",
    "osvSchema": {
      "aliases": [
        "CVE-2022-41040"
      ],
      "details": "Microsoft Exchange Server Elevation of Privilege Vulnerability.",
      "id": "GSD-2022-41040",
      "modified": "2023-12-13T01:19:33.110014Z",
      "schema_version": "1.4.0"
    },
    "references": [
      {
        "type": "ADVISORY",
        "url": "https://www.gteltsc.vn/blog/warning-new-attack-campaign-utilized-a-new-0day-rce-vulnerability-on-microsoft-exchange-server-12715.html"
      },
      {
        "type": "ADVISORY",
        "url": "https://twitter.com/GossiTheDog/status/1575580072961982464"
      },
      {
        "type": "ADVISORY",
        "url": "https://doublepulsar.com/proxynotshell-the-story-of-the-claimed-zero-day-in-microsoft-exchange-5c63d963a9e9"
      },
      {
        "type": "ADVISORY",
        "url": "https://msrc-blog.microsoft.com/2022/09/29/customer-guidance-for-reported-zero-day-vulnerabilities-in-microsoft-exchange-server/"
      },
      {
        "type": "ADVISORY",
        "url": "https://twitter.com/blackorbird/status/1575521156966535168"
      },
      {
        "type": "ADVISORY",
        "url": "https://www.cisa.gov/uscert/ncas/current-activity/2022/09/30/microsoft-releases-guidance-zero-day-vulnerabilities-microsoft"
      },
      {
        "type": "ADVISORY",
        "url": "hhttps://www.rapid7.com/blog/post/2022/09/29/suspected-post-authentication-zero-day-vulnerabilities-in-microsoft-exchange-server/"
      },
      {
        "type": "WEB",
        "url": "https://twitter.com/GossiTheDog/status/1575762721353916417"
      },
      {
        "type": "WEB",
        "url": "https://github.com/VNCERT-CC/0dayex-checker"
      },
      {
        "type": "WEB",
        "url": "https://www.reddit.com/r/netsec/comments/xs5xsz/vncertcc_has_just_developed_a_tool_to_check/"
      },
      {
        "type": "WEB",
        "url": "https://krebsonsecurity.com/2022/09/microsoft-two-new-0-day-flaws-in-exchange-server/"
      },
      {
        "type": "DETECTION",
        "url": "https://twitter.com/0xJin/status/1579096666963337217"
      },
      {
        "type": "DETECTION",
        "url": "https://github.com/ffuf/ffuf"
      }
    ],
    "related": [
      "GSD-2022-41082"
    ],
    "schema_version": "1.3.1",
    "severity": [
      {
        "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
        "type": "CVSS_V3"
      }
    ],
    "summary": "Microsoft Exchange Server-Side Request Forgery (SSRF) in 2019 and earlier"
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@microsoft.com",
        "ID": "CVE-2022-41040",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Microsoft Exchange Server 2013 Cumulative Update 23",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "15.00.0",
                          "version_value": "15.00.1497.044"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Microsoft Exchange Server 2016 Cumulative Update 22",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "15.0.0",
                          "version_value": "15.01.2375.037"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Microsoft Exchange Server 2019 Cumulative Update 11",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "15.02.0",
                          "version_value": "15.02.0986.036"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Microsoft Exchange Server 2019 Cumulative Update 12",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "15.02.0",
                          "version_value": "15.02.1118.020"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Microsoft Exchange Server 2016 Cumulative Update 23",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "15.01.0",
                          "version_value": "15.01.2507.016"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Microsoft"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Microsoft Exchange Server Elevation of Privilege Vulnerability"
          }
        ]
      },
      "impact": {
        "cvss": [
          {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Elevation of Privilege"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41040",
            "refsource": "MISC",
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41040"
          },
          {
            "name": "https://www.kb.cert.org/vuls/id/915563",
            "refsource": "MISC",
            "url": "https://www.kb.cert.org/vuls/id/915563"
          },
          {
            "name": "http://packetstormsecurity.com/files/170066/Microsoft-Exchange-ProxyNotShell-Remote-Code-Execution.html",
            "refsource": "MISC",
            "url": "http://packetstormsecurity.com/files/170066/Microsoft-Exchange-ProxyNotShell-Remote-Code-Execution.html"
          },
          {
            "name": "https://www.secpod.com/blog/microsoft-november-2022-patch-tuesday-patches-65-vulnerabilities-including-6-zero-days/",
            "refsource": "MISC",
            "url": "https://www.secpod.com/blog/microsoft-november-2022-patch-tuesday-patches-65-vulnerabilities-including-6-zero-days/"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "cisaActionDue": "2022-10-21",
        "cisaExploitAdd": "2022-09-30",
        "cisaRequiredAction": "Apply updates per vendor instructions.",
        "cisaVulnerabilityName": "Microsoft Exchange Server Server-Side Request Forgery Vulnerability",
        "configurations": [
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_23:*:*:*:*:*:*",
                    "matchCriteriaId": "DA166F2A-D83B-4D50-AD0B-668D813E0585",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_22:*:*:*:*:*:*",
                    "matchCriteriaId": "449CE85B-E599-44D3-A7C1-5133F6A55E86",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_23:*:*:*:*:*:*",
                    "matchCriteriaId": "FF76AEDA-E574-40ED-B64F-8FDEF8CAC802",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_11:*:*:*:*:*:*",
                    "matchCriteriaId": "435343A4-BF10-461A-ABF2-D511A5FBDA75",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_12:*:*:*:*:*:*",
                    "matchCriteriaId": "B23C8E3E-5243-4DA6-B9AA-F6053084B55E",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          }
        ],
        "descriptions": [
          {
            "lang": "en",
            "value": "Microsoft Exchange Server Elevation of Privilege Vulnerability"
          },
          {
            "lang": "es",
            "value": "Una Vulnerabilidad de Elevaci\u00f3n de Privilegios en Microsoft Exchange Server"
          }
        ],
        "id": "CVE-2022-41040",
        "lastModified": "2023-12-20T20:15:18.393",
        "metrics": {
          "cvssMetricV31": [
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "exploitabilityScore": 2.8,
              "impactScore": 5.9,
              "source": "secure@microsoft.com",
              "type": "Primary"
            }
          ]
        },
        "published": "2022-10-03T01:15:08.753",
        "references": [
          {
            "source": "secure@microsoft.com",
            "tags": [
              "Exploit",
              "Third Party Advisory",
              "VDB Entry"
            ],
            "url": "http://packetstormsecurity.com/files/170066/Microsoft-Exchange-ProxyNotShell-Remote-Code-Execution.html"
          },
          {
            "source": "secure@microsoft.com",
            "tags": [
              "Mitigation",
              "Patch",
              "Vendor Advisory"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41040"
          },
          {
            "source": "secure@microsoft.com",
            "tags": [
              "Third Party Advisory",
              "US Government Resource"
            ],
            "url": "https://www.kb.cert.org/vuls/id/915563"
          },
          {
            "source": "secure@microsoft.com",
            "url": "https://www.secpod.com/blog/microsoft-november-2022-patch-tuesday-patches-65-vulnerabilities-including-6-zero-days/"
          }
        ],
        "sourceIdentifier": "secure@microsoft.com",
        "vulnStatus": "Modified",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-918"
              }
            ],
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ]
      }
    }
  }
}

msrc_cve-2022-41040

Vulnerability from csaf_microsoft

Published

2022-09-13 07:00

Modified

2022-11-08 08:00

Summary

Microsoft Exchange Server Elevation of Privilege Vulnerability

Notes

Additional Resources

To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle

Disclaimer

The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

Customer Action

Required. The vulnerability documented by this CVE requires customer action to resolve.

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "names": [
          "DA-0x43-Dx4-DA-Hx2-Tx2-TP-S-Q from GTSC working with \u003ca href=\"https://www.zerodayinitiative.com/\"\u003eTrend Micro Zero Day Initiative\u003c/a\u003e"
        ]
      }
    ],
    "aggregate_severity": {
      "namespace": "https://www.microsoft.com/en-us/msrc/security-update-severity-rating-system",
      "text": "Critical"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Public",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
        "title": "Additional Resources"
      },
      {
        "category": "legal_disclaimer",
        "text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
        "title": "Disclaimer"
      },
      {
        "category": "general",
        "text": "Required. The vulnerability documented by this CVE requires customer action to resolve.",
        "title": "Customer Action"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "secure@microsoft.com",
      "name": "Microsoft Security Response Center",
      "namespace": "https://msrc.microsoft.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "CVE-2022-41040 Microsoft Exchange Server Elevation of Privilege Vulnerability - HTML",
        "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41040"
      },
      {
        "category": "self",
        "summary": "CVE-2022-41040 Microsoft Exchange Server Elevation of Privilege Vulnerability - CSAF",
        "url": "https://msrc.microsoft.com/csaf/advisories/2022/msrc_cve-2022-41040.json"
      },
      {
        "category": "external",
        "summary": "Microsoft Exploitability Index",
        "url": "https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1"
      },
      {
        "category": "external",
        "summary": "Microsoft Support Lifecycle",
        "url": "https://support.microsoft.com/lifecycle"
      },
      {
        "category": "external",
        "summary": "Common Vulnerability Scoring System",
        "url": "https://www.first.org/cvss"
      }
    ],
    "title": "Microsoft Exchange Server Elevation of Privilege Vulnerability",
    "tracking": {
      "current_release_date": "2022-11-08T08:00:00.000Z",
      "generator": {
        "date": "2025-03-11T16:10:09.697Z",
        "engine": {
          "name": "MSRC Generator",
          "version": "1.0"
        }
      },
      "id": "msrc_CVE-2022-41040",
      "initial_release_date": "2022-09-13T07:00:00.000Z",
      "revision_history": [
        {
          "date": "2022-09-30T07:00:00.000Z",
          "legacy_version": "1",
          "number": "1",
          "summary": "Information published."
        },
        {
          "date": "2022-10-03T07:00:00.000Z",
          "legacy_version": "1.1",
          "number": "2",
          "summary": "Updated FAQ information. This is an informational change only."
        },
        {
          "date": "2022-10-05T07:00:00.000Z",
          "legacy_version": "1.2",
          "number": "3",
          "summary": "In the FAQ, updated the Condition Input to {UrlDecode:{REQUEST_URI}}. This is an informational change only."
        },
        {
          "date": "2022-10-07T07:00:00.000Z",
          "legacy_version": "1.3",
          "number": "4",
          "summary": "In the FAQ, updated the information about steps to take to be protected from the vulnerability to refer to [Customer Guidance for Reported Zero-day Vulnerabilities in Microsoft Exchange Server](https://msrc-blog.microsoft.com/2022/09/29/customer-guidance-for-reported-zero-day-vulnerabilities-in-microsoft-exchange-server/) for mitigation instructions. This is an informational change only."
        },
        {
          "date": "2022-11-08T08:00:00.000Z",
          "legacy_version": "2",
          "number": "5",
          "summary": "On November, 8 2022, Microsoft released updates to address this vulnerability. Customers who are running an affected version of Microsoft Exchange Server should install the updates to be protected."
        }
      ],
      "status": "final",
      "version": "5"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c15.00.1497.044",
            "product": {
              "name": "Microsoft Exchange Server 2013 Cumulative Update 23 \u003c15.00.1497.044",
              "product_id": "5"
            }
          },
          {
            "category": "product_version",
            "name": "15.00.1497.044",
            "product": {
              "name": "Microsoft Exchange Server 2013 Cumulative Update 23 15.00.1497.044",
              "product_id": "11682"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft Exchange Server 2013 Cumulative Update 23"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c15.01.2375.037",
            "product": {
              "name": "Microsoft Exchange Server 2016 Cumulative Update 22 \u003c15.01.2375.037",
              "product_id": "4"
            }
          },
          {
            "category": "product_version",
            "name": "15.01.2375.037",
            "product": {
              "name": "Microsoft Exchange Server 2016 Cumulative Update 22 15.01.2375.037",
              "product_id": "11956"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft Exchange Server 2016 Cumulative Update 22"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c15.02.0986.036",
            "product": {
              "name": "Microsoft Exchange Server 2019 Cumulative Update 11 \u003c15.02.0986.036",
              "product_id": "3"
            }
          },
          {
            "category": "product_version",
            "name": "15.02.0986.036",
            "product": {
              "name": "Microsoft Exchange Server 2019 Cumulative Update 11 15.02.0986.036",
              "product_id": "11957"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft Exchange Server 2019 Cumulative Update 11"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c15.02.1118.020",
            "product": {
              "name": "Microsoft Exchange Server 2019 Cumulative Update 12 \u003c15.02.1118.020",
              "product_id": "2"
            }
          },
          {
            "category": "product_version",
            "name": "15.02.1118.020",
            "product": {
              "name": "Microsoft Exchange Server 2019 Cumulative Update 12 15.02.1118.020",
              "product_id": "12038"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft Exchange Server 2019 Cumulative Update 12"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c15.01.2507.016",
            "product": {
              "name": "Microsoft Exchange Server 2016 Cumulative Update 23 \u003c15.01.2507.016",
              "product_id": "1"
            }
          },
          {
            "category": "product_version",
            "name": "15.01.2507.016",
            "product": {
              "name": "Microsoft Exchange Server 2016 Cumulative Update 23 15.01.2507.016",
              "product_id": "12039"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft Exchange Server 2016 Cumulative Update 23"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2022-41040",
      "notes": [
        {
          "category": "general",
          "text": "Microsoft",
          "title": "Assigning CNA"
        },
        {
          "category": "faq",
          "text": "Yes, the attacker must be authenticated.",
          "title": "According to the CVSS metric, privileges required is low (PR:L). Does the attacker need to be in an authenticated role on the Exchange Server?"
        },
        {
          "category": "faq",
          "text": "Exchange Server customers should review and apply the mitigation instructions described in Customer Guidance for Reported Zero-day Vulnerabilities in Microsoft Exchange Server.",
          "title": "Do I need to take further steps to be protected from this vulnerability?"
        },
        {
          "category": "faq",
          "text": "The privileges acquired by the attacker would be the ability to run PowerShell in the context of the system.",
          "title": "What privileges can an attacker gain by exploiting this vulnerability?"
        },
        {
          "category": "faq",
          "text": "Please see Customer Guidance for Reported Zero-day Vulnerabilities in Microsoft Exchange Server for more information",
          "title": "Where can I find more information about this CVE?"
        }
      ],
      "product_status": {
        "fixed": [
          "11682",
          "11956",
          "11957",
          "12038",
          "12039"
        ],
        "known_affected": [
          "1",
          "2",
          "3",
          "4",
          "5"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2022-41040 Microsoft Exchange Server Elevation of Privilege Vulnerability - HTML",
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41040"
        },
        {
          "category": "self",
          "summary": "CVE-2022-41040 Microsoft Exchange Server Elevation of Privilege Vulnerability - CSAF",
          "url": "https://msrc.microsoft.com/csaf/advisories/2022/msrc_cve-2022-41040.json"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-09-30T07:00:00.000Z",
          "details": "15.00.1497.044:Security Update:https://support.microsoft.com/help/5019758",
          "product_ids": [
            "5"
          ],
          "url": "https://support.microsoft.com/help/5019758"
        },
        {
          "category": "vendor_fix",
          "date": "2022-09-30T07:00:00.000Z",
          "details": "15.01.2375.037:Security Update:https://support.microsoft.com/help/5019758",
          "product_ids": [
            "4"
          ],
          "url": "https://support.microsoft.com/help/5019758"
        },
        {
          "category": "vendor_fix",
          "date": "2022-09-30T07:00:00.000Z",
          "details": "15.02.0986.036:Security Update:https://support.microsoft.com/help/5019758",
          "product_ids": [
            "3"
          ],
          "url": "https://support.microsoft.com/help/5019758"
        },
        {
          "category": "vendor_fix",
          "date": "2022-09-30T07:00:00.000Z",
          "details": "15.02.1118.020:Security Update:https://support.microsoft.com/help/5019758",
          "product_ids": [
            "2"
          ],
          "url": "https://support.microsoft.com/help/5019758"
        },
        {
          "category": "vendor_fix",
          "date": "2022-09-30T07:00:00.000Z",
          "details": "15.01.2507.016:Security Update:https://support.microsoft.com/help/5019758",
          "product_ids": [
            "1"
          ],
          "url": "https://support.microsoft.com/help/5019758"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "environmentalsScore": 0.0,
            "exploitCodeMaturity": "PROOF_OF_CONCEPT",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 7.9,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1",
            "2",
            "3",
            "4",
            "5"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Elevation of Privilege"
        },
        {
          "category": "exploit_status",
          "details": "Publicly Disclosed:No;Exploited:Yes;Latest Software Release:Exploitation Detected"
        }
      ],
      "title": "Microsoft Exchange Server Elevation of Privilege Vulnerability"
    }
  ]
}

fkie_cve-2022-41040

Vulnerability from fkie_nvd

Published

2022-10-03 01:15

Modified

2025-02-24 15:48

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

Microsoft Exchange Server Elevation of Privilege Vulnerability

References

URL	Tags
secure@microsoft.com	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41040	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/170066/Microsoft-Exchange-ProxyNotShell-Remote-Code-Execution.html	Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41040	Mitigation, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.kb.cert.org/vuls/id/915563	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	https://www.secpod.com/blog/microsoft-november-2022-patch-tuesday-patches-65-vulnerabilities-including-6-zero-days/	Third Party Advisory

Impacted products

Vendor	Product	Version
microsoft	exchange_server	2013
microsoft	exchange_server	2016
microsoft	exchange_server	2016
microsoft	exchange_server	2019
microsoft	exchange_server	2019

JSON

To clipboard

{
  "cisaActionDue": "2022-10-21",
  "cisaExploitAdd": "2022-09-30",
  "cisaRequiredAction": "Apply updates per vendor instructions.",
  "cisaVulnerabilityName": "Microsoft Exchange Server Server-Side Request Forgery Vulnerability",
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_23:*:*:*:*:*:*",
              "matchCriteriaId": "DA166F2A-D83B-4D50-AD0B-668D813E0585",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_22:*:*:*:*:*:*",
              "matchCriteriaId": "449CE85B-E599-44D3-A7C1-5133F6A55E86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_23:*:*:*:*:*:*",
              "matchCriteriaId": "FF76AEDA-E574-40ED-B64F-8FDEF8CAC802",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_11:*:*:*:*:*:*",
              "matchCriteriaId": "435343A4-BF10-461A-ABF2-D511A5FBDA75",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_12:*:*:*:*:*:*",
              "matchCriteriaId": "B23C8E3E-5243-4DA6-B9AA-F6053084B55E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Microsoft Exchange Server Elevation of Privilege Vulnerability"
    },
    {
      "lang": "es",
      "value": "Una Vulnerabilidad de Elevaci\u00f3n de Privilegios en Microsoft Exchange Server"
    }
  ],
  "id": "CVE-2022-41040",
  "lastModified": "2025-02-24T15:48:30.437",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "secure@microsoft.com",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-10-03T01:15:08.753",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41040"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/170066/Microsoft-Exchange-ProxyNotShell-Remote-Code-Execution.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mitigation",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41040"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.kb.cert.org/vuls/id/915563"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.secpod.com/blog/microsoft-november-2022-patch-tuesday-patches-65-vulnerabilities-including-6-zero-days/"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-918"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-918"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2022-41040 (GCVE-0-2022-41040)

Vulnerability from cvelistv5

CISA Known exploited vulnerability

Data from the Known Exploited Vulnerabilities Catalog

ghsa-6ph7-8wxv-6gf2

Vulnerability from github

gsd-2022-41040

Vulnerability from gsd

msrc_cve-2022-41040

Vulnerability from csaf_microsoft

fkie_cve-2022-41040

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature