Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv3

CVE-2022-32230

Published: 14/06/2022 Updated: 23/06/2022
CVSS v2 Base Score: 7.8 | Impact Score: 6.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 695
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Subscribe to Windows Server 2019

Vulnerability Summary

Microsoft Windows SMBv3 suffers from a null pointer dereference in versions of Windows prior to the April, 2022 patch set. By sending a malformed FileNormalizedNameInformation SMBv3 request over a named pipe, an attacker can cause a Blue Screen of Death (BSOD) crash of the Windows kernel. For most systems, this attack requires authentication, except in the special case of Windows Domain Controllers, where unauthenticated users can always open named pipes as long as they can establish an SMB session. Typically, after the BSOD, the victim SMBv3 server will reboot.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

microsoft windows server 2019 -

microsoft windows 10 1809

microsoft windows 10 20h2

microsoft windows 10 21h1

microsoft windows 11 -

microsoft windows 10 21h2

Github Repositories

https://github.com/phrara/FGV50

For a science geek, isn't it cool?

FGV50 jy, v50; hy, v50! Project Architecture Modules Scanner Structure Web API "/" Method: GET Param: null "/hist" Method: POST ReqParam: { "time": "2022-09-01 15:51:07" } RespParam: 同下 "/cmd" Method: POST ReqParam: { "cmd_type": "i&quo

https://github.com/jercle/azgo

Azure Tooling with enhanced reporting, data aggregation, and UX

AZGO Extends the functionality, UX, and data aggregation of the Azure CLI AZGO Function of this CLI Simple example Set current active subscription Prerequisites Installation Authentication Usage Function of this CLI This CLI has been created to add additional functionality to Azure CLI such as data aggregation from multiple az commands, reporting, and pulling data from

References

CWE-476https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-32230https://www.rapid7.com/blog/post/2022/06/14/cve-2022-32230-windows-smb-denial-of-service-vulnerability-fixed/https://support.microsoft.com/en-us/topic/may-10-2022-kb5013942-os-builds-19042-1706-19043-1706-and-19044-1706-60b51119-85be-4a34-9e21-8954f6749504https://github.com/zeroSteiner/metasploit-framework/blob/feat/mod/cve-2022-32230/modules/auxiliary/dos/smb/smb_filenormalizednameinformation.rbhttps://nvd.nist.govhttps://github.com/phrara/FGV50
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-30924CVE-2024-3400overflowCVE-2024-23528CVE-2024-21338CVE-2024-3818CVE-2024-23535NULL pointer dereferenceelevation of privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook