Directory Traversal Vulnerability in networkd-dispatcher by Linux Vendor
CVE-2022-29799

5.5MEDIUM

Key Information:

Vendor: Microsoft
Status: Networkd-dispatcher
Vendor: CVE Published:; 21 September 2022

Badges

👾 Exploit Exists🟡 Public PoC🟣 EPSS 11%

What is CVE-2022-29799?

A vulnerability in networkd-dispatcher can be exploited due to insufficient sanitization of functions related to OperationalState and AdministrativeState. This flaw allows attackers to perform directory traversal attacks, potentially escaping the authorized '/etc/networkd-dispatcher' base directory, and compromising system integrity.

Affected Version(s)

networkd-dispatcher uknown

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

NimbusPWN-CVE-2022-29799-29800
Created by joshuavanderpoll

References

https://www.microsoft.com/security/blog/2022/04/26/micros...

x_refsource_MISC

EPSS Score

11% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Jun 18, 2026
👾
Exploit known to exist
Jun 18, 2026
Vulnerability published
Sep 21, 2022
Vulnerability Reserved
Apr 25, 2022

CVE-2022-29799 Data

JSON

Microsoft