Lucene search

K
attackerkbAttackerKBAKB:00DCAC7D-72AF-4567-BE1A-D7DCA781EC1D
HistoryNov 08, 2022 - 12:00 a.m.

CVE-2022-31199

2022-11-0800:00:00
attackerkb.com
16
netwrix auditor
user activity video recording
remote code execution
vulnerabilities
netwrix auditor server
agents
monitored systems
protocol
unauthenticated remote attacker
arbitrary code execution
nt authority\system user

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

10

Confidence

High

EPSS

0.474

Percentile

97.5%

Remote code execution vulnerabilities exist in the Netwrix Auditor User Activity Video Recording component affecting both the Netwrix Auditor server and agents installed on monitored systems. The remote code execution vulnerabilities exist within the underlying protocol used by the component, and potentially allow an unauthenticated remote attacker to execute arbitrary code as the NT AUTHORITY\SYSTEM user on affected systems, including on systems Netwrix Auditor monitors.

Recent assessments:

ccondon-r7 at December 13, 2022 4:40pm UTC reported:

Sounds like Cisco was seeing small-ish-scale exploitation of this bug over the summer to gain initial access and deploy TrueBot payloads. I’d never heard of this product before now, but looking at its website, it looks to be security/IT management software with lots of enterprise customersβ€”i.e., one of those things that’s probably under-scrutinized by researchers (and thus a nifty fun-time target for attackers). Not a lot of internet-facing attack surface area, which is good, but I have to wonder how many people even know there’s a serious vuln in this stuff, let alone how many have actually patched.

Assessed Attacker Value: 4
Assessed Attacker Value: 4Assessed Attacker Value: 3

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

10

Confidence

High

EPSS

0.474

Percentile

97.5%

Related for AKB:00DCAC7D-72AF-4567-BE1A-D7DCA781EC1D