CVE-2022-41082

Vulnerability Profile Updated a month ago
CVE-2022-41082 is a critical vulnerability in Microsoft Exchange Server that allows remote code execution (RCE). It is one of two zero-day vulnerabilities disclosed together, the other being CVE-2022-41040. The RCE flaw is a significant threat because it lets an attacker execute arbitrary code on the victim's server remotely, potentially gaining unauthorized access or control. Check Point IPS has since provided protection against these threats, including the Server-Side Request Forgery flaw (CVE-2022-41080) and this RCE vulnerability.

CVE-2022-41082 was initially disclosed as a zero-day in September last year, and Microsoft released a patch in November. It has since been revealed that the current vulnerability is actually a bypass of that initial fix, meaning the original patch did not fully address the issue. This is a significant concern, since systems believed to be secured could still be at risk from the bypassed vulnerability. The vulnerability also bypasses another previously fixed vulnerability, CVE-2023-21529, which was patched in February, indicating a pattern of persistent flaws in the security of Microsoft Exchange Server.

The recurrence of these vulnerabilities underscores the importance of continuous monitoring and of keeping security measures up to date even after patches have been applied. It also highlights the need for organizations running these servers to stay vigilant and ensure the latest protections are installed to guard against such threats.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
Proxynotshell | 7 | ProxyNotShell is a software vulnerability, specifically a flaw in the design or implementation of Microsoft Exchange Server. It was first identified and exploited through CVE-2022-41082, as reported by Palo Alto Networks' Unit 42. The ProxyNotShell exploit method leveraged an AutoDiscover endpoint t
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Vulnerability
Remote Code ...
Moveit
China
Chromium
Zero Day
Ransomware
Exploit
flaw
RCE (Remote ...
Cloudflare
Associated Malware
ID | Type | Votes | Profile Description
No associations to display
Associated Threat Actors
ID | Type | Votes | Profile Description
APT41 | Unspecified | 1 | APT41, also known as Winnti, Wicked Panda, and Wicked Spider, among other names, is a threat actor suspected to originate from China. With potential ties to the Chinese government, APT41 has been involved in complex cyber espionage operations since at least 2012, targeting organizations in at least
Unc3886 | Unspecified | 1 | UNC3886 is a threat actor with suspected links to Beijing, China, that has been active in the cyber-espionage landscape. A threat actor refers to any human entity behind the execution of actions with malicious intent, which can range from an individual hacker to a private company or even part of a g
Associated Vulnerabilities
ID | Type | Votes | Profile Description
CVE-2022-41040 | Unspecified | 3 | CVE-2022-41040 is a software vulnerability that was discovered in late September 2022, along with another flaw, CVE-2022-41082. These two zero-day vulnerabilities were collectively known as ProxyNotShell. The vulnerabilities were exploited to compromise Microsoft Exchange through the proxy mechanism
CVE-2018-13379 | Unspecified | 2 | CVE-2018-13379 is a critical vulnerability that affects FortiOS and Fortiguard, presenting a flaw in their software design or implementation. This specific vulnerability, which can expose sensitive credentials, has been frequently exploited, making the top 15 most routinely exploited list in both 20
Proxyshell | Unspecified | 2 | ProxyShell is a chain of three vulnerabilities (tracked as CVE-2021-34473, CVE-2021-34523, and CVE-2021-31207) that affect Microsoft Exchange email servers. These vulnerabilities allow unauthenticated attackers to gain administrator access and execute remote code on unpatched servers. Discovered in
Owassrf | Unspecified | 2 | OWASSRF is a software vulnerability that presents a significant security risk to Microsoft Exchange Server systems. It's an exploit method that bypasses ProxyNotShell vulnerability mitigations, allowing for remote code execution on vulnerable servers through Outlook Web Access. This vulnerability ha
CVE-2023-2868 | Unspecified | 1 | CVE-2023-2868 is a significant software vulnerability that was identified in the Barracuda Email Security Gateway (ESG) appliances. This flaw, specifically a remote command injection vulnerability, was disclosed by Barracuda on May 30th, 2023. The vulnerability had been exploited as early as October
CVE-2022-41328 | Unspecified | 1 | CVE-2022-41328 is a significant software vulnerability discovered in Fortinet's FortiOS. It was heavily targeted by China-nexus intrusion sets, particularly UNC3886, who exploited the vulnerability to deploy custom malware families on Fortinet and VMware systems. This exploitation occurred in Septem
CVE-2021-44207 | Unspecified | 1 | CVE-2021-44207 is a significant software vulnerability that was exploited by APT41, a prolific Chinese state-sponsored espionage group known for targeting both public and private sector organizations. This flaw in the USAHerds web application's design or implementation mirrors a previously reported
Proxynotshell Cve-2022-41040 | Unspecified | 1 | None
Follina | Unspecified | 1 | Follina, also known as CVE-2022-30190, is a notable software vulnerability that was discovered and exploited in the first half of 2022. This flaw, found in the Microsoft Windows Support Diagnostic Tool (MSDT), was weaponized by TA413, a cyber threat actor group with suspected ties to China. The grou
Proxynotshell Cve | Unspecified | 1 | None
CVE-2022-41080 | Unspecified | 1 | CVE-2022-41080 is a significant software vulnerability identified in 2022, specifically a flaw in the design or implementation of Microsoft Exchange Server. This vulnerability enables Server-Side Request Forgery (SSRF), potentially allowing malicious actors to manipulate server requests and execute
CVE-2023-21529 | Unspecified | 1 | None
Source Document References
Information about the CVE-2022-41082 vulnerability was read from the documents in the corpus below. This display is limited to 20 results.
Source | Created | Title
CERT-EU | a year ago | Cybersecurity threatscape: Q1 2023
CISA | 6 months ago | #StopRansomware: Play Ransomware | CISA
Unit42 | a year ago | Threat Brief: OWASSRF Vulnerability Exploitation
Malwarebytes | a year ago | Ransomware in December 2022
CERT-EU | 9 months ago | Time keeps on slippin’ slippin’ slippin’: The 2023 Active Adversary Report for Tech Leaders
CERT-EU | 10 months ago | Unmasking the top exploited vulnerabilities of 2022 – GIXtools
CERT-EU | 10 months ago | Time keeps on slippin’ slippin’ slippin’: The 2023 Active Adversary Report for Tech Leaders
DARKReading | 10 months ago | 'Play' Ransomware Group Targeting MSPs Worldwide in New Campaign
BankInfoSecurity | 6 months ago | Breach Roundup: MongoDB Blames Phishing Email for Breach
DARKReading | a year ago | Microsoft Fixes 69 Bugs, but None Are Zero-Days
CERT-EU | 6 months ago | Over 20,000 vulnerable Microsoft Exchange servers exposed to attacks
CSO Online | a year ago | CISA kicks off ransomware vulnerability pilot to help spot ransomware-exploitable flaws
CERT-EU | 9 months ago | My Tea's not cold : an overview of China's cyber threat – Global Security Mag Online
BankInfoSecurity | a year ago | Play Ransomware Lists A10 Networks on its Leak Site
Recorded Future | 9 months ago | Beyond the Code: Unearthing the Subtle Business Ramifications of Six Months in Vulnerabilities
Securelist | a year ago | CVE-2022-41040 and CVE-2022-41082 – zero-days in MS Exchange
CERT-EU | a year ago | View the latest outbreak alerts on cyber-attacks | FortiGuard Labs
CERT-EU | 9 months ago | Florian Roth, Author at Nextron Systems
CERT-EU | 6 months ago | Play Ransomware: SafeBreach Coverage for US-CERT Alert (AA23-352A)
CISA | 10 months ago | 2022 Top Routinely Exploited Vulnerabilities | CISA