CVE-2022-31199

Vulnerability updated 23 days ago (2024-11-29T14:23:19.169Z)
Download STIX
Preview STIX
CVE-2022-31199 is a critical remote code execution (RCE) vulnerability discovered in Netwrix Auditor, a widely-used software for on-premises and cloud-based IT system auditing. This flaw in the software's design or implementation allows cyber threat actors to exploit it and gain unauthorized access to the system. The shift in tactics from phishing to exploiting this vulnerability has been observed prominently among cybercriminals. The exploitation of CVE-2022-31199 has been linked to the delivery of newly discovered variants of Truebot malware. Sophisticated attacks have been carried out by leveraging this vulnerability, allowing attackers not only to infiltrate systems but also to move laterally within networks. The Netwrix Auditor server and its associated agents are particularly susceptible due to this vulnerability. Newer versions of Truebot malware have further complicated the cybersecurity landscape by enabling malicious actors to gain initial access through the known vulnerability with the Netwrix Auditor application. These developments underscore the need for immediate patching and updating of the Netwrix Auditor software to mitigate the risk posed by CVE-2022-31199.
Description last updated: 2024-05-04T16:27:46.135Z
What's your take? (Question 1 of 5)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Aliases We are not currently tracking any aliases
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Vulnerability
Lateral Move...
RCE (Remote ...
Exploit
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Associated Malware
To see the evidence that has resulted in these malware associations, create a free account
Alias DescriptionAssociation TypeVotes
The Truebot Malware is associated with CVE-2022-31199. Truebot is a malicious software (malware) utilized by the CL0P actors, designed to exploit and damage computer systems. This malware can infiltrate systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, Truebot serves multiple purposes: it can dowUnspecified
5
The truebot malware Malware is associated with CVE-2022-31199. Truebot malware is a malicious software that infiltrates computer systems, often without the user's knowledge, to exploit and damage the device. It was primarily delivered by cyber threat actors via malicious phishing email attachments, but newer versions observed in 2023 also gained initial access Unspecified
5
The Bumblebee Malware is associated with CVE-2022-31199. Bumblebee is a type of malware that has been linked to ITG23, a cyber threat group. Over the past year, it has been used in conjunction with other initial access malwares such as Emotet, IcedID, Qakbot, and Gozi during ITG23 attacks. The same values for self-signed certificates seen in Bumblebee havUnspecified
2
The Raspberry Robin Malware is associated with CVE-2022-31199. Raspberry Robin is a sophisticated malware that uses advanced techniques to infiltrate and exploit computer systems. The malicious software is designed to stealthily enter a system through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, it can wreak havoc by stUnspecified
2
Source Document References
Information about the CVE-2022-31199 Vulnerability was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
PreviewSource LinkCreatedAtTitle
CERT-EU
a year ago
CERT-EU
a year ago
Malwarebytes
a year ago
CERT-EU
a year ago
BankInfoSecurity
a year ago
DARKReading
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
Securityaffairs
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CISA
a year ago
CERT-EU
a year ago
CISA
a year ago
Canadian Centre for Cyber Security
a year ago