cisa-known-exploited-vulns icon indicating copy to clipboard operation
cisa-known-exploited-vulns copied to clipboard

Published 20 hours ago verified publisher icon hrbrmstr

KEV Release: 2022-07-01

Open hrbrmstr opened this issue 3 years ago • 0 comments

KEV Release: 2022-07-01

1 CVE in this release.

  • CVE-2022-26925: Local/Adjacent (Microsoft:Windows) Microsoft Windows LSA Spoofing Vulnerability :: Microsoft Windows Local Security Authority (LSA) contains a spoofing vulnerability where an attacker can coerce the domain controller to authenticate to the attacker using NTLM.

    Additional Information

    • CVSS 5.9
    • Severity: MEDIUM
    • Attack Vector: NETWORK
    • Attack Complexity: HIGH
    • Privileges Required: NONE
    • User Interaction: NONE
    • Impact: 3.6
    • CWE: CWE-290
    • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
    • EPSS: 0.022510000 / 0.801020000
    • In The Wild: https://inthewild.io/vuln/CVE-2022-26925

hrbrmstr avatar Jul 04 '22 18:07 hrbrmstr