CVE-2022-3294

Vulnerability Profile Updated a month ago
Download STIX
Preview STIX
CVE-2022-3294 is a critical vulnerability that affects multiple versions of the Microsoft Exchange Server. This vulnerability allows an attacker to execute arbitrary code on affected systems and gain complete control over them. The exploit requires no user interaction, making it particularly dangerous as it can be carried out remotely without any authentication. This vulnerability was first discovered by researchers at Devcore and reported to Microsoft in May 2022. Microsoft released a patch for the vulnerability on June 14, 2022, as part of the monthly security updates. However, it is estimated that tens of thousands of organizations were still vulnerable to this attack when the patch was released, as many had not yet applied previous Exchange patches. In the following days after Microsoft's patch release, there were reports of attacks exploiting this vulnerability in the wild. These attacks were believed to be carried out by a Chinese state-sponsored hacking group known as Hafnium, which had also previously targeted the Microsoft Exchange Server in 2021. As a result, it is highly recommended that organizations running affected versions of the Microsoft Exchange Server apply the necessary patches immediately to prevent exploitation.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
IDVotesProfile Description
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Associated Malware
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Threat Actors
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Vulnerabilities
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Source Document References
Information about the CVE-2022-3294 Vulnerability was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
SourceCreatedAtTitle
CERT-EU
a year ago
SUSE update for kubernetes1.23
CISA
4 months ago
Siemens SCALANCE XCM-/XRM-300 | CISA