Remote Code Execution Vulnerability in Netwrix Auditor by Netwrix
CVE-2022-31199

9.8CRITICAL

Key Information:

Vendor: Netwrix
Status: Auditor
Vendor: CVE Published:; 8 November 2022

Badges

💰 Ransomware👾 Exploit Exists🦅 CISA Reported

What is CVE-2022-31199?

The Netwrix Auditor platform is affected by a vulnerability that enables remote code execution via the User Activity Video Recording component. This flaw allows attackers to interface with the underlying protocol, potentially granting unauthorized individuals the ability to run arbitrary code on compromised systems with system-level privileges (NT AUTHORITY\SYSTEM). This is particularly critical for monitored systems, where sensitive data and operations may be at risk. Addressing this issue is vital for maintaining the integrity and security of your environment.

CISA has reported CVE-2022-31199

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2022-31199 as being exploited and is known by the CISA as enabling ransomware campaigns.

The CISA's recommendation is: Apply updates per vendor instructions or discontinue use of the product if updates are unavailable.

References

https://bishopfox.com/blog/netwrix-auditor-advisory

EPSS Score

6% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

💰
Used in Ransomware
Jul 11, 2023
👾
Exploit known to exist
Jul 11, 2023
🦅
CISA Reported
Jul 11, 2023
Vulnerability published
Nov 8, 2022
Vulnerability Reserved
May 18, 2022