CVE-2022-41082
Microsoft Exchange Server Remote Code Execution Vulnerability
Basic Information
- CVE State
- PUBLISHED
- Reserved Date
- September 19, 2022
- Published Date
- October 03, 2022
- Last Updated
- March 11, 2025
- Vendor
- Microsoft
- Product
- Microsoft Exchange Server 2013 Cumulative Update 23, Microsoft Exchange Server 2016 Cumulative Update 22, Microsoft Exchange Server 2019 Cumulative Update 11, Microsoft Exchange Server 2019 Cumulative Update 12, Microsoft Exchange Server 2016 Cumulative Update 23
- Description
- Microsoft Exchange Server Remote Code Execution Vulnerability
CVSS Scores
CVSS v3.1
Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
SSVC Information
- Exploitation
- active
- Technical Impact
- total
Known Exploited Vulnerability Information
| Source | Added Date |
|---|---|
| CISA | 2022-09-30 00:00:00 UTC |
Scanner Integrations
| Scanner | URL | Date Detected |
|---|---|---|
| Metasploit | https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/exchange_proxynotshell_rce.rb | 2025-04-29 11:01:37 UTC |
Potential Proof of Concepts
Warning: These PoCs have not been tested and could contain malware. Use at your own risk.
exchange_proxynotshell_rce
Type: metasploit • Created: Unknown
SUPRAAA-1337/CVE-2022-41082
Type: github • Created: 2023-09-03 20:55:20 UTC • Stars: 2
balki97/OWASSRF-CVE-2022-41082-POC
Type: github • Created: 2022-12-22 09:35:26 UTC • Stars: 92
sikkertech/CVE-2022-41082
Type: github • Created: 2022-12-01 20:48:53 UTC • Stars: 2
notareaperbutDR34P3r/http-vuln-CVE-2022-41082
Type: github • Created: 2022-11-14 08:31:16 UTC • Stars: 3