CVE-2022-41076

HIGH8.5

High EPSS

JSON export Create alert

Description

PowerShell Remote Code Execution Vulnerability

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

Unchanged

Changed

Affected products

Microsoft / PowerShell 7.27.2.0 – 7.2.8
Microsoft / PowerShell 7.37.3.0 – 7.3.1
Microsoft / Windows 10 Version 150710.0.10240.0 – 10.0.10240.19624
Microsoft / Windows 10 Version 160710.0.14393.0 – 10.0.14393.5582
Microsoft / Windows 10 Version 180910.0.17763.0 – 10.0.17763.3770
Microsoft / Windows 10 Version 180910.0.0 – 10.0.17763.3770
Microsoft / Windows 10 Version 20H210.0.0 – 10.0.19042.2364
Microsoft / Windows 10 Version 21H110.0.0 – 10.0.19043.2364
Microsoft / Windows 10 Version 21H210.0.19044.0 – 10.0.19044.2364
Microsoft / Windows 10 Version 22H210.0.19045.0 – 10.0.19045.2364
Microsoft / Windows 11 version 21H210.0.22000.0 – 10.0.22000.1335
Microsoft / Windows 11 version 22H210.0.22621.0 – 10.0.22621.993
Microsoft / Windows 76.1.0 – 6.1.7601.26266
Microsoft / Windows 7 Service Pack 16.1.0 – 6.1.7601.26266
Microsoft / Windows 8.16.3.0 – 6.3.9600.20721
Microsoft / Windows Server 2008 R2 Service Pack 16.1.7601.0 – 6.1.7601.26266
Microsoft / Windows Server 2008 R2 Service Pack 1 (Server Core installation)6.1.7601.0 – 6.1.7601.26266
Microsoft / Windows Server 2008 Service Pack 26.0.6003.0 – 6.0.6003.21815
Microsoft / Windows Server 2008 Service Pack 2 (Server Core installation)6.0.6003.0 – 6.0.6003.21815
Microsoft / Windows Server 20126.2.9200.0 – 6.2.9200.24018
Microsoft / Windows Server 2012 R26.3.9600.0 – 6.3.9600.20721
Microsoft / Windows Server 2012 R2 (Server Core installation)6.3.9600.0 – 6.3.9600.20721
Microsoft / Windows Server 2012 (Server Core installation)6.2.9200.0 – 6.2.9200.24018
Microsoft / Windows Server 201610.0.14393.0 – 10.0.14393.5582
Microsoft / Windows Server 2016 (Server Core installation)10.0.14393.0 – 10.0.14393.5582
Microsoft / Windows Server 201910.0.17763.0 – 10.0.17763.3770
Microsoft / Windows Server 2019 (Server Core installation)10.0.17763.0 – 10.0.17763.3770
Microsoft / Windows Server 202210.0.20348.0 – 10.0.20348.1366

References

VENDOR_ADVISORYhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41076