CVSS3: 9.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.011 Low
Percentile: 84.2%
Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability
Recent assessments:
adenosine-phosphatase at September 18, 2022 10:32am UTC reported:
I must be missing something as the PoC script (<https://github.com/78ResearchLab/PoC/blob/main/CVE-2022-34721/CVE-2022-34721.py>) does not execute any exception/BSOD let alone the RCE.
From what I can see, the script does not carry any RCE payload, but I thought it would at least cause some app/os exception.
When I fire it up against a w2k19 VPN server, nothing happens.
I would have expected that at least some kind of unhandled exception/BSOD occurred, but nothing …
Assessed Attacker Value: 0