Lucene search
HistoryJul 12, 2022 - 11:15 p.m.
CVE-2022-22039
cve-2022-22039
windows
network file system
remote code execution
vulnerability
nvd
6 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:S/C:P/I:P/A:P
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
8.1 High
AI Score
Confidence
High
0.006 Low
EPSS
Percentile
79.5%
Windows Network File System Remote Code Execution Vulnerability
Affected configurations
Node
microsoftwindows_server_2019Range10.0.0–10.0.17763.3165
ORmicrosoftwindows_server_2019Range10.0.0–10.0.17763.3165
ORmicrosoftwindows_server_2022Range10.0.0–10.0.20348.825
ORmicrosoftwindows_server_20h2Range10.0.0–10.0.19042.1826
ORmicrosoftwindows_server_2016Range10.0.0–10.0.14393.5246
ORmicrosoftwindows_server_2016Range10.0.0–10.0.14393.5246
ORmicrosoftwindows_server_2008_sp2Range6.0.0–6.0.6003.21569sp2
ORmicrosoftwindows_server_2008_sp2Range6.0.0–6.0.6003.21569sp2
ORmicrosoftwindows_server_2008_sp2Range6.0.0–6.0.6003.21569sp2
ORmicrosoftwindows_server_2008_r2_sp1Range6.1.0–6.1.7601.26022sp1
ORmicrosoftwindows_server_2008_r2_sp1Range6.0.0–6.1.7601.26022sp1
ORmicrosoftwindows_server_2012Range6.2.0–6.2.9200.23771
ORmicrosoftwindows_server_2012Range6.2.0–6.2.9200.23771
ORmicrosoftwindows_server_2012_r2Range6.3.0–6.3.9600.20478
ORmicrosoftwindows_server_2012_r2Range6.3.0–6.3.9600.20478
| Vendor | Product | Version | CPE |
|---|---|---|---|
| microsoft | windows_server_2019 | * | cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:* |
| microsoft | windows_server_2019 | * | cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:* |
| microsoft | windows_server_2022 | * | cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:* |
| microsoft | windows_server_20h2 | * | cpe:2.3:o:microsoft:windows_server_20h2:*:*:*:*:*:*:*:* |
| microsoft | windows_server_2016 | * | cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:* |
| microsoft | windows_server_2016 | * | cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:* |
| microsoft | windows_server_2008_sp2 | * | cpe:2.3:o:microsoft:windows_server_2008_sp2:*:sp2:*:*:*:*:*:* |
| microsoft | windows_server_2008_sp2 | * | cpe:2.3:o:microsoft:windows_server_2008_sp2:*:sp2:*:*:*:*:*:* |
| microsoft | windows_server_2008_sp2 | * | cpe:2.3:o:microsoft:windows_server_2008_sp2:*:sp2:*:*:*:*:*:* |
| microsoft | windows_server_2008_r2_sp1 | * | cpe:2.3:o:microsoft:windows_server_2008_r2_sp1:*:sp1:*:*:*:*:*:* |
CNA Affected
[
{
"vendor": "Microsoft",
"product": "Windows Server 2019",
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.3165:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"versions": [
{
"version": "10.0.0",
"lessThan": "10.0.17763.3165",
"versionType": "custom",
"status": "affected"
}
]
},
{
"vendor": "Microsoft",
"product": "Windows Server 2019 (Server Core installation)",
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.3165:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"versions": [
{
"version": "10.0.0",
"lessThan": "10.0.17763.3165",
"versionType": "custom",
"status": "affected"
}
]
},
{
"vendor": "Microsoft",
"product": "Windows Server 2022",
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.825:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"versions": [
{
"version": "10.0.0",
"lessThan": "10.0.20348.825",
"versionType": "custom",
"status": "affected"
}
]
},
{
"vendor": "Microsoft",
"product": "Windows Server version 20H2",
"cpes": [
"cpe:2.3:o:microsoft:windows_server_20H2:10.0.19042.1826:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"versions": [
{
"version": "10.0.0",
"lessThan": "10.0.19042.1826",
"versionType": "custom",
"status": "affected"
}
]
},
{
"vendor": "Microsoft",
"product": "Windows Server 2016",
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.5246:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"versions": [
{
"version": "10.0.0",
"lessThan": "10.0.14393.5246",
"versionType": "custom",
"status": "affected"
}
]
},
{
"vendor": "Microsoft",
"product": "Windows Server 2016 (Server Core installation)",
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.5246:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"versions": [
{
"version": "10.0.0",
"lessThan": "10.0.14393.5246",
"versionType": "custom",
"status": "affected"
}
]
},
{
"vendor": "Microsoft",
"product": "Windows Server 2008 Service Pack 2",
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21569:*:*:*:*:*:x64:*"
],
"platforms": [
"32-bit Systems"
],
"versions": [
{
"version": "6.0.0",
"lessThan": "6.0.6003.21569",
"versionType": "custom",
"status": "affected"
}
]
},
{
"vendor": "Microsoft",
"product": "Windows Server 2008 Service Pack 2 (Server Core installation)",
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21569:*:*:*:*:*:x64:*",
"cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21569:*:*:*:*:*:x86:*"
],
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"versions": [
{
"version": "6.0.0",
"lessThan": "6.0.6003.21569",
"versionType": "custom",
"status": "affected"
}
]
},
{
"vendor": "Microsoft",
"product": "Windows Server 2008 Service Pack 2",
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21569:*:*:*:*:*:x86:*"
],
"platforms": [
"x64-based Systems"
],
"versions": [
{
"version": "6.0.0",
"lessThan": "6.0.6003.21569",
"versionType": "custom",
"status": "affected"
}
]
},
{
"vendor": "Microsoft",
"product": "Windows Server 2008 R2 Service Pack 1",
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2008_R2:6.1.7601.26022:*:*:*:*:*:x64:*"
],
"platforms": [
"x64-based Systems"
],
"versions": [
{
"version": "6.1.0",
"lessThan": "6.1.7601.26022",
"versionType": "custom",
"status": "affected"
}
]
},
{
"vendor": "Microsoft",
"product": "Windows Server 2008 R2 Service Pack 1 (Server Core installation)",
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2008_R2:6.1.7601.26022:*:*:*:*:*:x64:*"
],
"platforms": [
"x64-based Systems"
],
"versions": [
{
"version": "6.0.0",
"lessThan": "6.1.7601.26022",
"versionType": "custom",
"status": "affected"
}
]
},
{
"vendor": "Microsoft",
"product": "Windows Server 2012",
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2012:6.2.9200.23771:*:*:*:*:*:x64:*"
],
"platforms": [
"x64-based Systems"
],
"versions": [
{
"version": "6.2.0",
"lessThan": "6.2.9200.23771",
"versionType": "custom",
"status": "affected"
}
]
},
{
"vendor": "Microsoft",
"product": "Windows Server 2012 (Server Core installation)",
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2012:6.2.9200.23771:*:*:*:*:*:x64:*"
],
"platforms": [
"x64-based Systems"
],
"versions": [
{
"version": "6.2.0",
"lessThan": "6.2.9200.23771",
"versionType": "custom",
"status": "affected"
}
]
},
{
"vendor": "Microsoft",
"product": "Windows Server 2012 R2",
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2012_R2:6.3.9600.20478:*:*:*:*:*:x64:*"
],
"platforms": [
"x64-based Systems"
],
"versions": [
{
"version": "6.3.0",
"lessThan": "6.3.9600.20478",
"versionType": "custom",
"status": "affected"
}
]
},
{
"vendor": "Microsoft",
"product": "Windows Server 2012 R2 (Server Core installation)",
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2012_R2:6.3.9600.20478:*:*:*:*:*:x64:*"
],
"platforms": [
"x64-based Systems"
],
"versions": [
{
"version": "6.3.0",
"lessThan": "6.3.9600.20478",
"versionType": "custom",
"status": "affected"
}
]
}
]Social References
More
Related
mscve
mscve
Windows Network File System Remote Code Execution Vulnerability
2022-07-12 07:00:00
prion
prion
Remote code execution
2022-07-12 23:15:00
vulnrichment
vulnrichment
cvelist
cvelist
nvd
nvd
CVE-2022-22039
2022-07-12 23:15:09
malwarebytes
malwarebytes
Update now—July Patch Tuesday patches include fix for exploited zero-day
2022-07-13 12:21:53
qualysblog
qualysblog
krebs
krebs
Microsoft Patch Tuesday, July 2022 Edition
2022-07-13 01:02:49
thn
thn
Microsoft Releases Fix for Zero-Day Flaw in July 2022 Security Patch Rollout
2022-07-13 04:15:00
mskb
mskb
July 12, 2022—KB5015866 (Monthly Rollup)
2022-07-12 07:00:00
July 12, 2022—KB5015870 (Security-only update)
2022-07-12 07:00:00
July 12, 2022—KB5015877 (Security-only update)
2022-07-12 07:00:00
nessus
nessus
KB5015870: Windows Server 2008 Security Update (July 2022)
2022-07-12 00:00:00
KB5015875: Windows Server 2012 Security Update (July 2022)
2022-07-12 00:00:00
openvas
openvas
Microsoft Windows Multiple Vulnerabilities (KB5015861)
2022-07-13 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB5015874)
2022-07-13 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB5015808)
2022-07-13 00:00:00
kaspersky
kaspersky
KLA12581 Multiple vulnerabilities in Microsoft Products (ESU)
2022-07-12 00:00:00
KLA12580 Multiple vulnerabilities in Microsoft Windows
2022-07-12 00:00:00
securelist
securelist
IT threat evolution in Q3 2022. Non-mobile statistics
2022-11-18 08:10:34
rapid7blog
rapid7blog
Patch Tuesday - July 2022
2022-07-12 19:40:15
6 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:S/C:P/I:P/A:P
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
8.1 High
AI Score
Confidence
High
0.006 Low
EPSS
Percentile
79.5%
Related for CVE-2022-22039