CVE-2022-41082

Description from NVD

Microsoft Exchange Server Remote Code Execution Vulnerability.

Information Acquisition Date: 2023-01-04T15:01Z
CVSS 2.0: 0.0 None
CVSS 3.x: 8.8 HIGH

CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

NVD References

 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41082
     source:MISC
     tags:Patch    Vendor Advisory    
 VU#915563
     source:CERT-VN
     tags:Third Party Advisory    US Government Resource    
 http://packetstormsecurity.com/files/170066/Microsoft-Exchange-ProxyNotShell-Remote-Code-Execution.html
     source:MISC
     tags:Exploit    Third Party Advisory    VDB Entry    

This vulnerability may involve a PoC.

Description from Forti

Possible New Microsoft Exchange RCE 0-day Being Exploited in the Wild

Information Acquisition Date: 2022/10/01

Affected Products

Impact

Recommended Actions

References

Software Tag: Exchange (6 tweets)



List of frequently cited URLs

URL    Num of Times Referred to
https://cvetrends.com    51
http://twinybots.ch    15
https://thehackernews.com/2022/09/microsoft-confirms-2-new-...    10
https://www.cisa.gov/known-exploited-vulnerabilities-catalog    9
https://www.helpnetsecurity.com/2022/09/30/cve-2022-41040-c...    8
https://www.snort.org/downloads    7
http://cyberiqs.com/latestnews    6
https://www.securityweek.com/microsoft-links-exploitation-e...    5
https://securityboulevard.com/2022/10/safebreach-coverage-f...    5
https://ipssignatures.appspot.com/?cve=CVE-2022-41082    5
https://community.emergingthreats.net/t/regarding-coverage-...    5
https://github.com/revers0id/CVE-2022-41082-PoC    4
https://gteltsc.vn/blog/warning-new-attack-campaign-utilize...    4
https://twitter.com/SeguInfo/status/1575829000080920577    4
https://www.rapid7.com/blog/post/2022/12/21/cve-2022-41080-...    4
https://www.tenable.com/blog/cve-2022-41040-and-cve-2022-41...    4
https://www.microsoft.com/security/blog/2022/09/30/analyzin...    4
https://nakedsecurity.sophos.com/2022    4
https://buff.ly/3LSgcQw    3
https://xtra.li/3rsmwF1    3
http://mi6rogue.com/blog    3
https://securelist.com/cve-2022-41040-and-cve-2022-41082-ze...    3
https://doublepulsar.com/proxynotshell-the-story-of-the-cla...    3
https://tweetedtimes.com/susession?s=tnp    3
https://www.borncity.com/blog/2022/10/11/exchange-server-ne...    3
https://www.wordfence.com/blog/2022/10/two-weeks-of-monitor...    3
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2...    3
https://securityaffairs.co/wordpress/138768/hacking/proxyno...    3
https://securitytrails.com/blog/zero-day-microsoft-exchange...    3
https://www.safebreach.com/resources/blog/safebreach-covera...    3
https://securityonline.info/cve-2022-41040-cve-2022-41082-e...    3
https://www.crowdstrike.com/blog/owassrf-exploit-analysis-a...    3
https://www.shadowserver.org/what-we-do/network-reporting/v...    3
https://www.vulnmachines.com    3
https://blog.segu-info.com.ar/2022/10/vulnerabilidad-critic...    3
https://msrc-blog.microsoft.com/2022/09/29/customer-guidanc...    3
https://www.bleepingcomputer.com/news/microsoft/microsoft-c...    3
https://www.zerodayinitiative.com/blog/2022/11/14/control-y...    3
https://unit42.paloaltonetworks.com/proxynotshell-cve-2022-...    3
https://xcloud.spectrum.colortokens.com/cve/CVE-2022-41082    3

Information from Twitter

User URL Info Source Date
BassamMaharmeh https://msrc.microsoft.com/update-guide/vulnerability/CVE-2... Source BassamMaharmeh   1621080558762688513 2023/02/02
SecurePeacock https://redcanary.com/blog/intelligence-insights-january-2023 Source SecurePeacock    1621553311177392129 2023/02/04
BitSight https://bitsig.ht/3RhETsc Source BitSight         1622959107463598081 2023/02/07
BitSight https://twitter.com/BitSight/status/1622959107463598081/pho... Source BitSight         1622959107463598081 2023/02/07
fe_tsoc https://socradar.io/reports-of-proxynotshell-vulnerabilitie... Source fe_tsoc          1630259749877952516 2023/02/28
DTS_Solution https://cloudsecurityalliance.org/articles/owassrf-new-expl... Source DTS_Solution     1630902357331419139 2023/03/01
DTS_Solution https://twitter.com/DTS_Solution/status/1630902357331419139... Source DTS_Solution     1630902357331419139 2023/03/01
threatintelctr https://nvd.nist.gov/vuln/detail/CVE-2022-41082 Source threatintelctr   1631420845162627075 2023/03/03
cloudsa https://bit.ly/3mGTPVF Source cloudsa          1633920653379395584 2023/03/10
fletch_ai https://bit.ly/3GviGlo Source fletch_ai        1636614607941910531 2023/03/17

GitHub Search Results: Up to 10
Name URL
mr-r3b00t/NotProxyShellHunter https://github.com/mr-r3b00t/NotProxyShellHunter
Diverto/nse-exchange https://github.com/Diverto/nse-exchange
balki97/OWASSRF-CVE-2022-41082-POC https://github.com/balki97/OWASSRF-CVE-2022-41082-POC
rjsudlow/proxynotshell-IOC-Checker https://github.com/rjsudlow/proxynotshell-IOC-Checker
ZephrFish/NotProxyShellScanner https://github.com/ZephrFish/NotProxyShellScanner
notareaperbutDR34P3r/http-vuln-CVE-2022-41082 https://github.com/notareaperbutDR34P3r/http-vuln-CVE-2022-41082
PyterSmithDarkGhost/ZERODAYENCADEAMENTOCVE2022-41040-CVE2022-41082 https://github.com/PyterSmithDarkGhost/ZERODAYENCADEAMENTOCVE2022-41040-CVE2022-41082
Live-Hack-CVE/CVE-2022-41082 https://github.com/Live-Hack-CVE/CVE-2022-41082
trhacknon/CVE-2022-41082-MASS-SCANNER https://github.com/trhacknon/CVE-2022-41082-MASS-SCANNER
west-wind/Threat-Hunting-With-Splunk https://github.com/west-wind/Threat-Hunting-With-Splunk

2023/03/17 Score : 1
Added Har-sia Database : 2022/09/30
Last Modified : 2023/03/17
Highest Scored Date : 2022/09/30
Highest Score : 146