Potential exposure to Microsoft Exchange CVE-2022-41040 / CVE-2022-41082 Exploit

high Nessus Plugin ID 165629


Detects potential IOCs for CVE-2022-41040 / CVE-2022-41082.


This plugin detects the potential presence of a web shell in selected directories, which can indicate that the host might have been exploited via CVE-2022-41040 / CVE-2022-41082. Manually verify the results and take appropriate remediation actions.

Note that Nessus has not tested for this issue but has instead looked for files that could potentially indicate compromise.


Apply the mitigation described in the vendor blog.



Plugin Details

Severity: High

ID: 165629

File Name: exchange_cve-2022-41040_ioc.nbin

Version: 1.31

Type: local

Agent: windows

Family: Windows

Published: 10/3/2022

Updated: 11/14/2023

Supported Sensors: Nessus Agent

Risk Information


Risk Factor: Critical

Score: 9.2


Risk Factor: High

Base Score: 9

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2022-41082


Risk Factor: High

Base Score: 8.8

Temporal Score: 8.4

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:microsoft:exchange_server

Required KB Items: installed_sw/Microsoft Exchange, SMB/Registry/Enumerated

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 9/29/2022

CISA Known Exploited Vulnerability Due Dates: 10/21/2022

Exploitable With

Core Impact

Metasploit (Microsoft Exchange ProxyNotShell RCE)

Reference Information

CVE: CVE-2022-41040, CVE-2022-41082

IAVA: 2022-A-0474-S