CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence: High
EPSS
Percentile: 97.5%
Remote code execution vulnerabilities exist in the Netwrix Auditor User Activity Video Recording component affecting both the Netwrix Auditor server and agents installed on monitored systems. The remote code execution vulnerabilities exist within the underlying protocol used by the component, and potentially allow an unauthenticated remote attacker to execute arbitrary code as the NT AUTHORITY\SYSTEM user on affected systems, including on systems Netwrix Auditor monitors.
Recent assessments:
ccondon-r7 at December 13, 2022 4:40pm UTC reported:
Sounds like Cisco was seeing small-ish-scale exploitation of this bug over the summer to gain initial access and deploy TrueBot payloads. I'd never heard of this product before now, but looking at its website, it looks to be security/IT management software with lots of enterprise customers, i.e., one of those things that's probably under-scrutinized by researchers (and thus a nifty fun-time target for attackers). Not a lot of internet-facing attack surface area, which is good, but I have to wonder how many people even know there's a serious vuln in this stuff, let alone how many have actually patched.
Assessed Attacker Value: 4
Assessed Attacker Value: 3