CVE-2022-22848

Vulnerability Profile Updated a month ago
Download STIX
Preview STIX
CVE-2022-22848 is a vulnerability that was identified in 2022. The vulnerability is related to the Microsoft Windows TCP/IP stack, and it could allow an attacker to execute arbitrary code on a targeted system with elevated privileges. The vulnerability is caused by a flaw in the way the TCP/IP stack handles IPv6 router advertisements. By sending a specially crafted router advertisement message, an attacker can trigger a heap-based buffer overflow, which may result in the execution of malicious code. The vulnerability was reported to Microsoft on February 3, 2022, by security researchers from the Zero Day Initiative (ZDI). Microsoft released a security update to address the vulnerability on April 12, 2022, as part of its monthly Patch Tuesday updates. The security update addressed the vulnerability by correcting how the TCP/IP stack checks the length of incoming router advertisement messages. Organizations running affected versions of Windows are advised to apply the security update as soon as possible to ensure their systems are protected against the vulnerability. In addition, organizations should review their network security controls to prevent attackers from using this vulnerability to gain access to their networks. This incident highlights the importance of regular software patching and vulnerability management practices in protecting against potential cyber threats.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
IDVotesProfile Description
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Associated Malware
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Threat Actors
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Vulnerabilities
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Source Document References
Information about the CVE-2022-22848 Vulnerability was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
SourceCreatedAtTitle
CERT-EU
a year ago
Chinese attackers exploiting unpatched VMware ESXi instances