CVE-2022-41080

Vulnerability updated 4 months ago (2024-05-04T19:02:10.236Z)

Download STIX

Preview STIX

CVE-2022-41080 is a significant software vulnerability identified in 2022, specifically a flaw in the design or implementation of Microsoft Exchange Server. This vulnerability enables Server-Side Request Forgery (SSRF), potentially allowing malicious actors to manipulate server requests and execute arbitrary code remotely. The vulnerability also forms part of the ProxyNotShell exploit, along with CVE-2022-41082. In a notable incident, cloud services provider Rackspace confirmed that it had suffered a security breach due to this vulnerability. Approximately a month prior to their announcement, the Play ransomware group exploited CVE-2022-41080 to gain access to Rackspace's Hosted Exchange email environment. This incident highlighted the severity of the threat posed by this vulnerability and the potential for its exploitation by malicious groups. However, protection against this vulnerability has been provided by Check Point IPS. Their system offers defenses against both the SSRF threat posed by CVE-2022-41080 and the Remote Code Execution associated with CVE-2022-41082. The effective deployment of such protective measures can help prevent future exploits of this vulnerability, safeguarding systems from potential breaches.

Description last updated: 2024-05-04T16:17:27.059Z

What's your take? (Question 1 of 5)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Possible Aliases / Cluster overlaps

It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.

ID	Votes	Profile Description
Proxynotshell	4	ProxyNotShell is a software vulnerability, specifically a flaw in the design or implementation of Microsoft Exchange Server. It was first identified and exploited through CVE-2022-41082, as reported by Palo Alto Networks' Unit 42. The ProxyNotShell exploit method leveraged an AutoDiscover endpoint t

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Ransomware

Exploit

Vulnerability

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Associated Vulnerabilities

To see the evidence that has resulted in these vulnerability associations, create a free account

ID	Type	Votes	Profile Description
Owassrf	Unspecified	3	OWASSRF is a software vulnerability that presents a significant security risk to Microsoft Exchange Server systems. It's an exploit method that bypasses ProxyNotShell vulnerability mitigations, allowing for remote code execution on vulnerable servers through Outlook Web Access. This vulnerability ha
Proxyshell	Unspecified	2	ProxyShell is a series of vulnerabilities affecting Microsoft Exchange email servers. These flaws in software design or implementation have been exploited by threat actors to gain unauthorized access and control over targeted systems. The ProxyShell vulnerability, officially tracked as CVE-2021-3447

Source Document References

Information about the CVE-2022-41080 Vulnerability was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
CERT-EU	10 months ago	Rackspace racks up $11M in ransomware-related costs
CERT-EU	10 months ago	Rackspace racks up $12M in ransomware-related costs
CrowdStrike	10 months ago	Patch Tuesday Turns 20: The Impact of Microsoft’s Vulnerability Problem
CERT-EU	a year ago	Florian Roth, Author at Nextron Systems
CERT-EU	a year ago	Time keeps on slippin’ slippin’ slippin’: The 2023 Active Adversary Report for Tech Leaders
CERT-EU	a year ago	Rackspace Faces Massive Cleanup Costs After Ransomware Attack
CERT-EU	a year ago	Time keeps on slippin’ slippin’ slippin’: The 2023 Active Adversary Report for Tech Leaders
CERT-EU	a year ago	Cybersecurity threatscape: Q1 2023
CERT-EU	a year ago	Close Quarters Encounters with Third Generation Malware Compels UK and Danish Municipalities to Remodel Vulnerability Management Safeguards
Checkpoint	2 years ago	26th December – Threat Intelligence Report – Check Point Research
Checkpoint	2 years ago	9th January – Threat Intelligence Report - Check Point Research
Unit42	2 years ago	Threat Brief: OWASSRF Vulnerability Exploitation
Malwarebytes	2 years ago	Ransomware in December 2022
BankInfoSecurity	2 years ago	Play Ransomware Lists A10 Networks on its Leak Site
CERT-EU	2 years ago	Play Ransomware Lists A10 Networks on Its Leak Site
Securityaffairs	a year ago	Charming Kitten used a new BellaCiao malware in recent wave of attacks
CERT-EU	a year ago	Dragos releases industrial ransomware analysis for Q1 2023 \| #ransomware \| #cybercrime – National Cyber Security Consulting
DARKReading	a year ago	Microsoft Advisories Are Getting Worse