CVE-2022-41080

Vulnerability updated 7 months ago (2024-05-04T19:02:10.236Z)
CVE-2022-41080 is a significant vulnerability in Microsoft Exchange Server, identified in 2022. It enables Server-Side Request Forgery (SSRF), potentially allowing malicious actors to manipulate server requests and execute arbitrary code remotely. The vulnerability also forms part of the ProxyNotShell exploit, along with CVE-2022-41082.

In a notable incident, cloud services provider Rackspace confirmed that it had suffered a security breach due to this vulnerability. Approximately a month before that announcement, the Play ransomware group exploited CVE-2022-41080 to gain access to Rackspace's Hosted Exchange email environment. The incident highlighted the severity of the vulnerability and the potential for its exploitation by malicious groups.

Check Point IPS provides protection against both the SSRF threat posed by CVE-2022-41080 and the Remote Code Execution associated with CVE-2022-41082. Deploying such protective measures can help prevent future exploitation of this vulnerability.
Description last updated: 2024-05-04T16:17:27.059Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
Alias Description | Votes
Proxynotshell is a possible alias for CVE-2022-41080. ProxyNotShell is a software vulnerability, specifically a flaw in the design or implementation of Microsoft Exchange Server. It was first identified and exploited through CVE-2022-41082, as reported by Palo Alto Networks' Unit 42. The ProxyNotShell exploit method leveraged an AutoDiscover endpoint t | 4
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Exploit
Vulnerability
Associated Vulnerabilities
Alias Description | Association Type | Votes
The Owassrf Vulnerability is associated with CVE-2022-41080. OWASSRF is a software vulnerability that presents a significant security risk to Microsoft Exchange Server systems. It's an exploit method that bypasses ProxyNotShell vulnerability mitigations, allowing for remote code execution on vulnerable servers through Outlook Web Access. This vulnerability ha | Unspecified | 3
The Proxyshell Vulnerability is associated with CVE-2022-41080. ProxyShell is a vulnerability that affects Microsoft Exchange email servers, posing a significant risk to organizations worldwide. This flaw in software design or implementation allows attackers to exploit the system and gain unauthorized access. Since early 2021, Iranian government-sponsored APT ac | Unspecified | 2