CVE-2022-21907

HTTP Protocol Stack Remote Code Execution Vulnerability

CVSS 9.8 CRITICALEPSS 92.8%

HTTP Protocol Stack Remote Code Execution Vulnerability

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Affected products

Microsoft · Windows 10 Version 1809 Microsoft · Windows 10 Version 20H2 Microsoft · Windows 10 Version 21H1 Microsoft · Windows 10 Version 21H2 Microsoft · Windows 11 version 21H2 Microsoft · Windows Server 2019 Microsoft · Windows Server 2019 (Server Core installation)Microsoft · Windows Server 2022 Microsoft · Windows Server version 20H2

public PoCs found — 17

githubgithub.com/ZZ-SOCMAP/CVE-2022-21907★ 362 githubgithub.com/polakow/CVE-2022-21907★ 128 githubgithub.com/p0dalirius/CVE-2022-21907-http.sys★ 83 githubgithub.com/michelep/CVE-2022-21907-Vulnerability-PoC★ 29 githubgithub.com/mauricelambert/CVE-2022-21907★ 26 githubgithub.com/Malwareman007/CVE-2022-21907★ 17 githubgithub.com/0xmaximus/Home-Demolisher★ 8 githubgithub.com/corelight/cve-2022-21907★ 5 githubgithub.com/gpiechnik2/nmap-CVE-2022-21907★ 2 githubgithub.com/kamal-marouane/CVE-2022-21907★ 1 githubgithub.com/iveresk/cve-2022-21907-http.sys★ 1 githubgithub.com/iveresk/cve-2022-21907★ 1 githubgithub.com/cassie0206/CVE-2022-21907★ 0 githubgithub.com/EzoomE/CVE-2022-21907-RCE★ 0 githubgithub.com/asepsaepdin/CVE-2022-21907★ 0 exploitdbwww.exploit-db.com/exploits/51575unverified cve_referencepacketstormsecurity.com/files/166730/Microsoft-HTTP-Protocol-Stack-Denial-Of-Service.htmlunverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://packetstormsecurity.com/files/166730/Microsoft-HTTP-Protocol-Stack-Denial-Of-Service.html https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21907 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21907