Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

msrc логотип

CVE-2022-26919

Опубликовано: 12 апр. 2022
Источник: msrc
CVSS3: 8.1
EPSS Низкий

Описание

Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability

Меры по смягчению последствий

Mitigation refers to a setting, common configuration, or general best-practice, existing in a default state, that could reduce the severity of exploitation of a vulnerability. The following mitigating factors might be helpful in your situation:

For this vulnerability to be exploitable, an administrator must increase the default MaxReceiveBuffer LDAP setting

This vulnerability will not be triggered without modifying the default setting for MaxReceiveBuffer.

FAQ

According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.

Обновления

ПродуктСтатьяОбновление
Windows Server 2008 for 32-bit Systems Service Pack 2
50126585012632
Monthly RollupSecurity Only
Windows Server 2008 for x64-based Systems Service Pack 2
50126585012632
Monthly RollupSecurity Only
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
50126585012632
Monthly RollupSecurity Only
Windows 7 for 32-bit Systems Service Pack 1
50126265012649
Monthly RollupSecurity Only
Windows 7 for x64-based Systems Service Pack 1
50126265012649
Monthly RollupSecurity Only
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
50126265012649
Monthly RollupSecurity Only
Windows Server 2008 R2 for x64-based Systems Service Pack 1
50126265012649
Monthly RollupSecurity Only
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
50126585012632
Monthly RollupSecurity Only
Windows Server 2012
50126505012666
Monthly RollupSecurity Only
Windows Server 2012 (Server Core installation)
50126505012666
Monthly RollupSecurity Only

Показывать по

Возможность эксплуатации

Publicly Disclosed

No

Exploited

No

Latest Software Release

Exploitation Less Likely

Older Software Release

Exploitation Less Likely

DOS

N/A

EPSS

Процентиль: 88%
0.04136
Низкий

8.1 High

CVSS3

Связанные уязвимости

nvd логотип

CVE-2022-26919

CVSS3: 8.1
nvd
около 3 лет назад

Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability

github логотип

GHSA-337w-g464-gv6c

CVSS3: 8.1
github
около 3 лет назад

Windows LDAP Remote Code Execution Vulnerability.

fstec логотип

BDU:2022-03359

CVSS3: 8.1
fstec
около 3 лет назад

Уязвимость реализации протокола службы каталогов LDAP операционной системы Microsoft Windows, существующая из-за недостаточной проверки входных данных, позволяющая нарушителю выполнить произвольный код

EPSS

Процентиль: 88%
0.04136
Низкий

8.1 High

CVSS3