Potential exposure to Microsoft Exchange CVE-2022-41040 / CVE-2022-41082 Exploit

high Nessus Plugin ID 165629

Synopsis

Detects potential IOCs for CVE-2022-41040 / CVE-2022-41082.

Description

This plugin detects the potential presence of a web shell in selected directories, which can indicate that the host might have been exploited through CVE-2022-41040 / CVE-2022-41082. Manually verify the results and take appropriate remediation actions.

Note that Nessus has not tested for this issue but has instead looked for files that could potentially indicate compromise.

Solution

Apply the mitigation described in the vendor blog.

See Also

http://www.nessus.org/u?57fc3035

http://www.nessus.org/u?a7de87f3

Plugin Details

Severity: High

ID: 165629

File Name: exchange_cve-2022-41040_ioc.nbin

Version: 1.44

Type: local

Agent: windows

Family: Windows

Published: 10/3/2022

Updated: 4/23/2024

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 8.4

CVSS v2

Risk Factor: High

Base Score: 9

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2022-41040

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 8.4

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:microsoft:exchange_server

Required KB Items: installed_sw/Microsoft Exchange, SMB/Registry/Enumerated

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 9/29/2022

CISA Known Exploited Vulnerability Due Dates: 10/21/2022

Exploitable With

Core Impact

Metasploit (Microsoft Exchange ProxyNotShell RCE)

Reference Information

CVE: CVE-2022-41040, CVE-2022-41082

IAVA: 2022-A-0474-S