CVE-2022-41064 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	5.8 MEDIUM	ADJACENT_NETWORK	HIGH	LOW	CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
microsoft	CNA	5.8 MEDIUM				CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C

Base Score

CVSS 3.x

EPSS Score

Percentile: 33%

Affected Products (NVD)

Vendor	Product	Version
microsoft	.net_framework	4.8
microsoft	.net_framework	4.8.1
microsoft	.net_framework	4.6.2
microsoft	.net_framework	4.6.2
microsoft	.net_framework	4.7
microsoft	.net_framework	4.7.1
microsoft	.net_framework	4.7.2
microsoft	.net_framework	4.8
microsoft	.net_framework	4.8
microsoft	.net_framework	4.8.1
microsoft	.net_framework	4.6.2
microsoft	.net_framework	4.7
microsoft	.net_framework	4.7.1
microsoft	.net_framework	4.7.2
microsoft	.net_framework	4.8
microsoft	.net_framework	4.8
microsoft	.net_framework	4.8.1
microsoft	.net_framework	4.8
microsoft	.net_framework	4.8.1
microsoft	.net_framework	4.8
microsoft	.net_framework	4.8.1
microsoft	.net_framework	4.6.2
microsoft	.net_framework	4.7
microsoft	.net_framework	4.7.1
microsoft	.net_framework	4.7.2
microsoft	.net_framework	4.8
microsoft	.net_framework	4.7.2
microsoft	.net_framework	4.8
microsoft	.net_framework	4.8
microsoft	.net_framework	4.7.2
microsoft	.net_framework	4.8
microsoft	.net_framework	4.8
microsoft	.net_framework	4.7
microsoft	.net_framework	4.7.1
microsoft	.net_framework	4.7.2
microsoft	.net_framework	4.8
microsoft	.net_framework	4.6.2
microsoft	.net_framework	4.8
microsoft	.net_framework	4.8.1
microsoft	nuget	𝑥 < 1.1.4
microsoft	nuget	2.0.0 ≤ 𝑥 < 2.1.2
microsoft	nuget	3.0.0 ≤ 𝑥 < 4.8.5

𝑥

= Vulnerable software versions

Windows Releases

Platform

Version

Windows 10

(x64, x86)	KB5019970
1607 (x64, x86)	KB5019964
1607 (x64, x86)	KB5020614
1809 (arm64, arm64, x64, x64, x86, x86)	KB5020685
20H2 (arm64, arm64, x86, x86)	KB5020686
21H1 (arm64, arm64, x64, x64, x86, x86)	KB5020801
21H2 (arm64, arm64, x64, x64, x86, x86)	KB5020687
22H2 (arm64, arm64, x64, x64, x86, x86)	KB5020694

Windows 11

21H2 (arm64, arm64, x64, x64)	KB5020695
22H2 (arm64, x64)	KB5020622

Windows 7

Service Pack 1 (x64, x64, x86, x86)

Windows 8.1

(x64, x64, x86, x86)

Windows RT 8.1

All

Windows Server 2008

Service Pack 2 (x64, x86)	KB5020691
Service Pack 2 Server Core (x64, x86)	KB5020691

Windows Server 2008 R2

Service Pack 1 (x64, x64)	KB5020688
Service Pack 1 Server Core (x64, x64)	KB5020688

Windows Server 2012

Server Core	KB5020689
Standard	KB5020689

Windows Server 2012 R2

Server Core	KB5020690
Standard	KB5020690

Windows Server 2016

Server Core	KB5020614
Server Core	KB5019964
Standard	KB5020614
Standard	KB5019964

Windows Server 2019

Server Core	KB5020685
Standard	KB5020685

Windows Server 2022

Server Core	KB5020692
Standard	KB5020692

Ubuntu Releases

Ubuntu Product

Codename

dotnet6

bionic	dne
focal	dne
jammy	not-affected
kinetic	ignored
lunar	not-affected
trusty	ignored
xenial	ignored

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41064

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41064