CVE-2022-41080

Vulnerability Profile Updated 3 months ago
Download STIX
Preview STIX
CVE-2022-41080 is a significant software vulnerability identified in 2022, specifically a flaw in the design or implementation of Microsoft Exchange Server. This vulnerability enables Server-Side Request Forgery (SSRF), potentially allowing malicious actors to manipulate server requests and execute arbitrary code remotely. The vulnerability also forms part of the ProxyNotShell exploit, along with CVE-2022-41082. In a notable incident, cloud services provider Rackspace confirmed that it had suffered a security breach due to this vulnerability. Approximately a month prior to their announcement, the Play ransomware group exploited CVE-2022-41080 to gain access to Rackspace's Hosted Exchange email environment. This incident highlighted the severity of the threat posed by this vulnerability and the potential for its exploitation by malicious groups. However, protection against this vulnerability has been provided by Check Point IPS. Their system offers defenses against both the SSRF threat posed by CVE-2022-41080 and the Remote Code Execution associated with CVE-2022-41082. The effective deployment of such protective measures can help prevent future exploits of this vulnerability, safeguarding systems from potential breaches.
What's your take? (Question 1 of 5)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
IDVotesProfile Description
Proxynotshell
4
ProxyNotShell is a software vulnerability, specifically a flaw in the design or implementation of Microsoft Exchange Server. It was first identified and exploited through CVE-2022-41082, as reported by Palo Alto Networks' Unit 42. The ProxyNotShell exploit method leveraged an AutoDiscover endpoint t
Proxylogon
1
ProxyLogon is a notable software vulnerability that surfaced in the cybersecurity landscape. It was part of an exploit chain, including CVE-2021-26855, a server-side request forgery (SSRF) vulnerability in Microsoft Exchange Server. This flaw allowed attackers to bypass authentication mechanisms and
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Vulnerability
Exploit
Ransomware
exploited
Microsoft
Exploits
Remote Code ...
Manageengine
Associated Malware
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Threat Actors
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Vulnerabilities
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
OwassrfUnspecified
3
OWASSRF is a software vulnerability that presents a significant security risk to Microsoft Exchange Server systems. It's an exploit method that bypasses ProxyNotShell vulnerability mitigations, allowing for remote code execution on vulnerable servers through Outlook Web Access. This vulnerability ha
ProxyshellUnspecified
2
ProxyShell is a critical vulnerability affecting Microsoft Exchange email servers. Identified as CVE-2021-34473, it is a flaw in software design or implementation that can be exploited by attackers to gain unauthorized access to systems. The vulnerability was actively exploited by threat actors, cau
CVE-2022-41040Unspecified
1
CVE-2022-41040 is a software vulnerability that was discovered in late September 2022, along with another flaw, CVE-2022-41082. These two zero-day vulnerabilities were collectively known as ProxyNotShell. The vulnerabilities were exploited to compromise Microsoft Exchange through the proxy mechanism
Proxynotshell Cve-2022-41080Unspecified
1
None
Proxynotshell Cve-2022-41040Unspecified
1
None
CVE-2022-41082Unspecified
1
CVE-2022-41082 is a critical software vulnerability discovered in Microsoft Exchange Servers, which allows for Remote Code Execution (RCE). This flaw is one of two zero-day vulnerabilities found, the other being CVE-2022-41040. The RCE vulnerability presents a significant threat as it enables attack
CVE-2022-47966Unspecified
1
CVE-2022-47966 is a critical vulnerability discovered in Zoho ManageEngine ServiceDesk Plus, a widely used IT management software. The flaw was exploited by malicious actors to gain unauthorized access to the organization's systems and networks. The exploitation started just five days after proof-of
Source Document References
Information about the CVE-2022-41080 Vulnerability was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
SourceCreatedAtTitle
CERT-EU
8 months ago
Rackspace racks up $11M in ransomware-related costs
CERT-EU
8 months ago
Rackspace racks up $12M in ransomware-related costs
CrowdStrike
9 months ago
Patch Tuesday Turns 20: The Impact of Microsoft’s Vulnerability Problem
CERT-EU
10 months ago
Florian Roth, Author at Nextron Systems
CERT-EU
10 months ago
Time keeps on slippin’ slippin’ slippin’: The 2023 Active Adversary Report for Tech Leaders
CERT-EU
a year ago
Rackspace Faces Massive Cleanup Costs After Ransomware Attack
CERT-EU
a year ago
Time keeps on slippin’ slippin’ slippin’: The 2023 Active Adversary Report for Tech Leaders
CERT-EU
a year ago
Cybersecurity threatscape: Q1 2023
CERT-EU
a year ago
Close Quarters Encounters with Third Generation Malware Compels UK and Danish Municipalities to Remodel Vulnerability Management Safeguards
Checkpoint
a year ago
26th December – Threat Intelligence Report – Check Point Research
Checkpoint
a year ago
9th January – Threat Intelligence Report - Check Point Research
Unit42
a year ago
Threat Brief: OWASSRF Vulnerability Exploitation
Malwarebytes
a year ago
Ransomware in December 2022
BankInfoSecurity
a year ago
Play Ransomware Lists A10 Networks on its Leak Site
CERT-EU
a year ago
Play Ransomware Lists A10 Networks on Its Leak Site
Securityaffairs
a year ago
Charming Kitten used a new BellaCiao malware in recent wave of attacks
CERT-EU
a year ago
Dragos releases industrial ransomware analysis for Q1 2023 | #ransomware | #cybercrime – National Cyber Security Consulting
DARKReading
a year ago
Microsoft Advisories Are Getting Worse