CVE-2022-26923
CVSS v3.1
8.8 (High)
CVSS v2.0
9 (High)
EPSS
5.27 % (93th)
Affected Products
14
Advisories
2
NVD Status
Analyzed
Active Directory Domain Services Elevation of Privilege Vulnerability
Weaknesses
- CWE-295
- Improper Certificate Validation
- CVE Status
- PUBLISHED
- NVD Status
- Analyzed
- CNA
- Microsoft Corporation
- Published Date
-
2022-05-10 21:15:10
(2 years ago) - Updated Date
-
2024-06-28 14:08:58
(2 months ago)
Microsoft Active Directory Domain Services Privilege Escalation Vulnerability (CISA - Known Exploited Vulnerabilities Catalog)
- Description
- An authenticated user could manipulate attributes on computer accounts they own or manage, and acquire a certificate from Active Directory Certificate Services that would allow for privilege escalation to SYSTEM.
- Required Action
- Apply updates per vendor instructions.
- Known to be Used in Ransomware Campaigns
- Unknown
- Notes
- https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-26923; https://nvd.nist.gov/vuln/detail/CVE-2022-26923
- Vendor
- Microsoft
- Product
- Active Directory
- In CISA Catalog from
-
2022-08-18
(2 years ago) - Due Date
-
2022-09-08
(2 years ago)
Affected Products
Loading...
Loading...
Loading...
Configuration #1
|
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...