Vulnerability detail
Enriched intelligence for a single CVE
High
CVE-2022-41040
PUBLISHED
Microsoft Exchange Server Elevation of Privilege Vulnerability
- Vendor: Microsoft
- Product: Microsoft Exchange Server 2013 Cumulative Update 23, Microsoft Exchange Server 2016 Cumulative Update 22, Microsoft Exchange Server 2019 Cumulative Update 11, Microsoft Exchange Server 2019 Cumulative Update 12, Microsoft Exchange Server 2016 Cumulative Update 23
- Published: Oct 03, 2022
- EPSS: —
Description
Microsoft Exchange Server Elevation of Privilege Vulnerability
CVSS scores
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
SSVC decision points
- Exploitation: active
- Automatable: No
- Technical impact: total
Known exploited vulnerability sources
Catalogues that list this CVE as a known exploited vulnerability.
| Source | Added |
|---|---|
| CISA | Sep 30, 2022 |
Scanner integrations
| Scanner | Reference | Detected |
|---|---|---|
| Metasploit | https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/exchange_proxynotshell_rce.rb | Apr 28, 2025 |
Potential proof of concepts
These PoCs are unverified and could contain malware. Use at your own risk.
github · Created 2022-10-20 03:11:03 UTC · 34 stars
The Metasploit script (PoC) about CVE-2022-41040. Microsoft Exchange is vulnerable to a server-side request forgery (SSRF) attack. An authenticated attacker can use the vulnerability to elevate privileges.
github · Created 2022-10-09 15:27:40 UTC · 89 stars
CVE-2022-41040 - Server Side Request Forgery (SSRF) in Microsoft Exchange Server
github · Created 2022-10-06 01:20:32 UTC · 5 stars
Code set relating to CVE-2022-41040
github · Created 2022-10-04 14:07:18 UTC · 5 stars
mitigation script for MS Exchange server vuln
github · Created 2022-10-02 11:26:57 UTC · 18 stars
CVE-2022-41040 nuclei template
Timeline
- CVE ID Reserved
- Exploit Used in Malware
- Added to KEVIntel
- CVE Published to Public
- Detected by Metasploit