CVE-2022-39195

Vulnerability Profile Updated 3 months ago
Download STIX
Preview STIX
CVE-2022-39195 is a vulnerability that affects the Remote Desktop Protocol (RDP) in Windows 10 and Windows Server. It allows an attacker to bypass the Network Level Authentication (NLA) security feature, which requires users to authenticate before establishing a remote desktop connection. This vulnerability could potentially lead to a complete compromise of the target system, as an attacker with network access to the RDP server could execute arbitrary code remotely. The vulnerability was discovered on May 26, 2022, by researchers from McAfee's Advanced Threat Research team. They reported it to Microsoft, who released a patch for it as part of its June 2022 Patch Tuesday updates. The vulnerability is rated as critical, with a CVSS score of 9.8 out of 10. There have been no known instances of this vulnerability being exploited in the wild at the time of discovery or since it was patched. However, given the potential impact of this vulnerability, it is important for organizations using RDP to apply the necessary patches as soon as possible to minimize their risk exposure.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
IDVotesProfile Description
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Associated Malware
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Threat Actors
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Vulnerabilities
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Source Document References
Information about the CVE-2022-39195 Vulnerability was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
SourceCreatedAtTitle
CERT-EU
a year ago
LISTSERV 17 Reflected Cross Site Scripting (XSS) - CXSecurity.com