Lucene search

Kaspersky LabKLA20124

HistoryDec 13, 2022 - 12:00 a.m.

KLA20124 ACE vulnerability in Microsoft Dynamics

2022-12-1300:00:00

Kaspersky Lab

threats.kaspersky.com

microsoft dynamics

ace vulnerability

code execution

kb updates

cve-2022-41127

dynamics nav

business central

8.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

9.1 High

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

79.0%

JSON

Code execution vulnerability was found in Microsoft Dynamics. Malicious users can exploit this vulnerability to execute arbitrary code.

Original advisories

CVE-2022-41127

Related products

Microsoft-Dynamics-365

CVE list

CVE-2022-41127 unknown

KB list

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Impacts

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.

Affected Products

Microsoft Dynamics NAV 2016Microsoft Dynamics NAV 2018Dynamics 365 Business Central 2019 Release Wave 2 (On-Premise)Microsoft Dynamics 365 Business Central 2021 Release Wave 1Microsoft Dynamics 365 Business Central 2022 Release Wave 2Microsoft Dynamics NAV 2017Microsoft Dynamics 365 Business Central 2021 Release Wave 2Microsoft Dynamics 365 Business Central 2020 Release Wave 2Microsoft Dynamics 365 Business Central 2020 Release Wave 1Microsoft Dynamics 365 Business Central 2022 Release Wave 1Dynamics 365 Business Central Spring 2019 Update