CVE-2022-41080
Microsoft Exchange Server Elevation of Privilege Vulnerability
In short
A flaw in Microsoft Exchange Server allows an authenticated attacker to gain higher system privileges than they should have. This is dangerous because an attacker with basic access could potentially take full control of the email server.
Technical detail
This elevation of privilege vulnerability in Microsoft Exchange Server affects authenticated users and can be exploited through the Exchange management interface or OWA (Outlook Web Access). Successful exploitation allows an attacker to escalate from standard user privileges to administrative privileges, compromising the integrity and confidentiality of the entire Exchange infrastructure.
Summary generated and translated by AI from the official description.
Microsoft Exchange Server Elevation of Privilege Vulnerability
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Affected products
Microsoft · Microsoft Exchange Server 2013 Cumulative Update 23
Microsoft · Microsoft Exchange Server 2016 Cumulative Update 22
Microsoft · Microsoft Exchange Server 2016 Cumulative Update 23
Microsoft · Microsoft Exchange Server 2019 Cumulative Update 11
Microsoft · Microsoft Exchange Server 2019 Cumulative Update 12
Public PoCs found: 1
github · github.com/ohnonoyesyes/CVE-2022-41080 (★ 1)
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.