CVE-2022-41080 - Vulnerability Details - OpenCVE

Microsoft Exchange Server Elevation of Privilege Vulnerability

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is in the KEV database since Jan. 10, 2023.

Exploitation active

Automatable no

Technical Impact total

Vendors	Products
Microsoft	Exchange Server

Configuration 1 [-]

OR	cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_23::::::
	cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_22::::::
	cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_23::::::
	cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_11::::::
	cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_12::::::

No data.

References

Link	Providers
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41080

History

Tue, 04 Feb 2025 14:15:00 +0000

Type	Values Removed	Values Added
Metrics		kev `{'dateAdded': '2023-01-10'}` ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: microsoft

Published: 2022-11-09T00:00:00.000Z

Updated: 2025-02-04T14:11:16.864Z

Reserved: 2022-09-19T00:00:00.000Z

Link: CVE-2022-41080

Vulnrichment

Updated: 2024-08-03T12:35:48.787Z

NVD

Status : Analyzed

Published: 2022-11-09T22:15:21.550

Modified: 2025-02-18T15:01:39.597

Link: CVE-2022-41080

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-41080", "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "dateUpdated": "2025-02-04T14:11:16.864Z", "dateReserved": "2022-09-19T00:00:00.000Z", "datePublished": "2022-11-09T00:00:00.000Z"}, "containers": {"cna": {"title": "Microsoft Exchange Server Elevation of Privilege Vulnerability", "datePublic": "2022-11-08T08:00:00.000Z", "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*", "versionStartIncluding": "15.01.0", "versionEndExcluding": "15.01.2507.016"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_12:*:*:*:*:*:*", "versionStartIncluding": "15.02.0", "versionEndExcluding": "15.02.1118.020"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*", "versionStartIncluding": "15.00.0", "versionEndExcluding": "15.00.1497.044"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_11:*:*:*:*:*:*", "versionStartIncluding": "15.02.0", "versionEndExcluding": "15.02.0986.036"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_22:*:*:*:*:*:*", "versionStartIncluding": "15.0.0", "versionEndExcluding": "15.01.2375.037"}]}]}], "affected": [{"vendor": "Microsoft", "product": "Microsoft Exchange Server 2016 Cumulative Update 23", "platforms": ["x64-based Systems"], "versions": [{"version": "15.01.0", "lessThan": "15.01.2507.016", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft Exchange Server 2019 Cumulative Update 12", "platforms": ["x64-based Systems"], "versions": [{"version": "15.02.0", "lessThan": "15.02.1118.020", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft Exchange Server 2013 Cumulative Update 23", "platforms": ["x64-based Systems"], "versions": [{"version": "15.00.0", "lessThan": "15.00.1497.044", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft Exchange Server 2019 Cumulative Update 11", "platforms": ["x64-based Systems"], "versions": [{"version": "15.02.0", "lessThan": "15.02.0986.036", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft Exchange Server 2016 Cumulative Update 22", "platforms": ["x64-based Systems"], "versions": [{"version": "15.0.0", "lessThan": "15.01.2375.037", "versionType": "custom", "status": "affected"}]}], "descriptions": [{"value": "Microsoft Exchange Server Elevation of Privilege Vulnerability", "lang": "en-US"}], "problemTypes": [{"descriptions": [{"description": "Elevation of Privilege", "lang": "en-US", "type": "Impact"}]}], "providerMetadata": {"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft", "dateUpdated": "2025-01-02T21:31:28.814Z"}, "references": [{"name": "Microsoft Exchange Server Elevation of Privilege Vulnerability", "tags": ["vendor-advisory"], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41080"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "baseSeverity": "HIGH", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C"}}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T12:35:48.787Z"}, "title": "CVE Program Container", "references": [{"name": "Microsoft Exchange Server Elevation of Privilege Vulnerability", "tags": ["vendor-advisory", "x_transferred"], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41080"}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-noinfo Not enough information"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2023-12-22T05:00:58.328537Z", "id": "CVE-2022-41080", "options": [{"Exploitation": "active"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}, {"other": {"type": "kev", "content": {"dateAdded": "2023-01-10", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-41080"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-04T14:11:16.864Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41080", "name": "Microsoft Exchange Server Elevation of Privilege Vulnerability", "tags": ["vendor-advisory", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T12:35:48.787Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-41080", "role": "CISA Coordinator", "options": [{"Exploitation": "active"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2023-12-22T05:00:58.328537Z"}}}, {"other": {"type": "kev", "content": {"dateAdded": "2023-01-10", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-41080"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "description": "CWE-noinfo Not enough information"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-04T14:11:11.330Z"}}], "cna": {"title": "Microsoft Exchange Server Elevation of Privilege Vulnerability", "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C"}, "scenarios": [{"lang": "en-US", "value": "GENERAL"}]}], "affected": [{"vendor": "Microsoft", "product": "Microsoft Exchange Server 2016 Cumulative Update 23", "versions": [{"status": "affected", "version": "15.01.0", "lessThan": "15.01.2507.016", "versionType": "custom"}], "platforms": ["x64-based Systems"]}, {"vendor": "Microsoft", "product": "Microsoft Exchange Server 2019 Cumulative Update 12", "versions": [{"status": "affected", "version": "15.02.0", "lessThan": "15.02.1118.020", "versionType": "custom"}], "platforms": ["x64-based Systems"]}, {"vendor": "Microsoft", "product": "Microsoft Exchange Server 2013 Cumulative Update 23", "versions": [{"status": "affected", "version": "15.00.0", "lessThan": "15.00.1497.044", "versionType": "custom"}], "platforms": ["x64-based Systems"]}, {"vendor": "Microsoft", "product": "Microsoft Exchange Server 2019 Cumulative Update 11", "versions": [{"status": "affected", "version": "15.02.0", "lessThan": "15.02.0986.036", "versionType": "custom"}], "platforms": ["x64-based Systems"]}, {"vendor": "Microsoft", "product": "Microsoft Exchange Server 2016 Cumulative Update 22", "versions": [{"status": "affected", "version": "15.0.0", "lessThan": "15.01.2375.037", "versionType": "custom"}], "platforms": ["x64-based Systems"]}], "datePublic": "2022-11-08T08:00:00.000Z", "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41080", "name": "Microsoft Exchange Server Elevation of Privilege Vulnerability", "tags": ["vendor-advisory"]}], "descriptions": [{"lang": "en-US", "value": "Microsoft Exchange Server Elevation of Privilege Vulnerability"}], "problemTypes": [{"descriptions": [{"lang": "en-US", "type": "Impact", "description": "Elevation of Privilege"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "15.01.2507.016", "versionStartIncluding": "15.01.0"}, {"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_12:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "15.02.1118.020", "versionStartIncluding": "15.02.0"}, {"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "15.00.1497.044", "versionStartIncluding": "15.00.0"}, {"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_11:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "15.02.0986.036", "versionStartIncluding": "15.02.0"}, {"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_22:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "15.01.2375.037", "versionStartIncluding": "15.0.0"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft", "dateUpdated": "2025-01-02T21:31:28.814Z"}}}, "cveMetadata": {"cveId": "CVE-2022-41080", "state": "PUBLISHED", "dateUpdated": "2025-02-04T14:11:16.864Z", "dateReserved": "2022-09-19T00:00:00.000Z", "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "datePublished": "2022-11-09T00:00:00.000Z", "assignerShortName": "microsoft"}, "dataVersion": "5.1"}

{"cisaActionDue": "2023-01-31", "cisaExploitAdd": "2023-01-10", "cisaRequiredAction": "Apply updates per vendor instructions.", "cisaVulnerabilityName": "Microsoft Exchange Server Privilege Escalation Vulnerability", "configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_23:*:*:*:*:*:*", "matchCriteriaId": "DA166F2A-D83B-4D50-AD0B-668D813E0585", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_22:*:*:*:*:*:*", "matchCriteriaId": "449CE85B-E599-44D3-A7C1-5133F6A55E86", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_23:*:*:*:*:*:*", "matchCriteriaId": "FF76AEDA-E574-40ED-B64F-8FDEF8CAC802", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_11:*:*:*:*:*:*", "matchCriteriaId": "435343A4-BF10-461A-ABF2-D511A5FBDA75", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_12:*:*:*:*:*:*", "matchCriteriaId": "B23C8E3E-5243-4DA6-B9AA-F6053084B55E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Microsoft Exchange Server Elevation of Privilege Vulnerability"}, {"lang": "es", "value": "Vulnerabilidad de elevaci\u00f3n de privilegios de Microsoft Exchange Server"}], "id": "CVE-2022-41080", "lastModified": "2025-02-18T15:01:39.597", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "secure@microsoft.com", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Secondary"}]}, "published": "2022-11-09T22:15:21.550", "references": [{"source": "secure@microsoft.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41080"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41080"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}