CVE-2022-41115

Опубликовано: 05 дек. 2022

Источник: msrc

CVSS3: 6.6

EPSS Низкий

Описание

Microsoft Edge (Chromium-based) Update Elevation of Privilege Vulnerability

FAQ

According to the CVSS metric, privileges required is high (PR:H). What does that mean for this vulnerability?

Successful exploitation of this vulnerability requires an attacker to compromise admin credentials on the device.

According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

Successful exploitation of this vulnerability requires an attacker to prepare the target environment to improve exploit reliability.

What privileges could be gained by an attacker who successfully exploited the vulnerability?

An attacker who successfully exploited this vulnerability could allow the Edge Updater to run as SYSTEM privileges.

What is the version information for this release?

Microsoft Edge Version	Date Released	Based on Chromium Version
108.0.1462.41	12/5/2022	108.0.5359.94

Возможность эксплуатации

Publicly Disclosed

Exploited

Latest Software Release

Exploitation Less Likely

DOS

N/A

EPSS

Процентиль: 73%

0.00786

Низкий

6.6 Medium

CVSS3

Связанные уязвимости

CVE-2022-41115

CVSS3: 6.6

nvd

около 3 лет назад

Microsoft Edge (Chromium-based) Update Elevation of Privilege Vulnerability

GHSA-7496-f8r6-4592

CVSS3: 6.6

github

около 3 лет назад

Microsoft Edge (Chromium-based) Update Elevation of Privilege Vulnerability.

BDU:2022-07162

CVSS3: 6.6

fstec

около 3 лет назад

Уязвимость браузеров Microsoft Edge и Google Chrome, связанная с недостатками разграничения доступа, позволяющая нарушителю повысить свои привилегии

EPSS

Процентиль: 73%

0.00786

Низкий

6.6 Medium

CVSS3