CVE-2022-41082 (ProxyNotShell)

CVSS v3.1 8 (High)
EPSS 15.47 % (96th)
Affected Products 1
Advisories 3
NVD Status Analyzed

Microsoft Exchange Server Remote Code Execution Vulnerability

Weaknesses
CWE-502
Deserialization of Untrusted Data
CVE Status
PUBLISHED
NVD Status
Analyzed
CNA
Microsoft Corporation
Published Date
2022-10-03 01:15:08
(23 months ago)
Updated Date
2024-06-28 14:00:52
(2 months ago)
Microsoft Exchange Server Remote Code Execution Vulnerability (CISA - Known Exploited Vulnerabilities Catalog)
Description
Microsoft Exchange Server contains an unspecified vulnerability that allows for authenticated remote code execution. Dubbed "ProxyNotShell," this vulnerability is chainable with CVE-2022-41040 which allows for the remote code execution.
Required Action
Apply updates per vendor instructions.
Known to be Used in Ransomware Campaigns
Known
Notes
https://msrc-blog.microsoft.com/2022/09/29/customer-guidance-for-reported-zero-day-vulnerabilities-in-microsoft-exchange-server/
Vendor
Microsoft
Product
Exchange Server
In CISA Catalog from
2022-09-30
(23 months ago)
Due Date
2022-10-21
(22 months ago)

Affected Products


Configuration #1

  Product                                              CPE23                                                              From  Up To
  Microsoft Exchange Server 2013 Cumulative Update 23  cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_23
  Microsoft Exchange Server 2016 Cumulative Update 22  cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_22
  Microsoft Exchange Server 2016 Cumulative Update 23  cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_23
  Microsoft Exchange Server 2019 Cumulative Update 11  cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_11
  Microsoft Exchange Server 2019 Cumulative Update 12  cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_12