CVE-2022-37967

EUVD-2022-40574
Windows Kerberos Elevation of Privilege Vulnerability
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.2 HIGH
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
microsoftCNA
7.2 HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 86%
Affected Products (NVD)
VendorProductVersion
microsoftwindows_server_2008
-
microsoftwindows_server_2012
-
microsoftwindows_server_2016
-
microsoftwindows_server_2019
-
microsoftwindows_server_2022
-
netappmanagement_services_for_element_software
-
netappmanagement_services_for_netapp_hci
-
sambasamba
𝑥
< 4.15.13
sambasamba
4.16.0 ≤
𝑥
< 4.16.8
sambasamba
4.17.0 ≤
𝑥
< 4.17.4
𝑥
= Vulnerable software versions
Windows Releases
Platform
Version
Windows Server 2008
Service Pack 2 (x64, x86)
KB5031416
Service Pack 2 Server Core (x64, x86)
KB5031416
Windows Server 2008 R2
Service Pack 1 (x64)
KB5031441
Service Pack 1 Server Core (x64)
KB5031441
Windows Server 2012
Server Core
KB5031442
Standard
KB5031442
Windows Server 2012 R2
Server Core
KB5031419
Standard
KB5031419
Windows Server 2016
Server Core
KB5031362
Standard
KB5031362
Windows Server 2019
Server Core
KB5031361
Standard
KB5031361
Windows Server 2022
Server Core
KB5031364
Standard
KB5031364
Debian logo
Debian Releases
Debian Product
Codename
samba
bookworm
2:4.17.12+dfsg-0+deb12u1
fixed
bookworm (security)
2:4.17.12+dfsg-0+deb12u1
fixed
bullseye
ignored
bullseye (security)
vulnerable
buster
ignored
sid
2:4.21.1+dfsg-2
fixed
trixie
2:4.21.1+dfsg-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
samba
bionic
needed
focal
Fixed 2:4.15.13+dfsg-0ubuntu0.20.04.1
released
jammy
Fixed 2:4.15.13+dfsg-0ubuntu1
released
kinetic
Fixed 2:4.16.8+dfsg-0ubuntu1
released
lunar
Fixed 2:4.17.5+dfsg-2ubuntu1
released
mantic
Fixed 2:4.17.5+dfsg-2ubuntu1
released
noble
Fixed 2:4.17.5+dfsg-2ubuntu1
released
trusty
needed
xenial
needs-triage
References
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37967
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37967
https://security.gentoo.org/glsa/202309-06