CVE-2022-37966
Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability
Severity Score
8.1
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Track*
*SSVC
Descriptions
Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability
Vulnerabilidad de elevaciĆ³n de privilegios en Kerberos RC4-HMAC de Windows
An update that fixes three vulnerabilities is now available. This update for samba fixes the following issues. Fixed an issue where the bad password count would not be properly incremented, which could allow attackers to brute force a user's password. Disabled weak ciphers by default in the Netlogon Secure channel. Fixed an issue where a weak cipher would be selected to encrypt session keys, which could lead to privilege escalation.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Track*
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2022-08-08 CVE Reserved
- 2022-11-09 CVE Published
- 2025-01-02 CVE Updated
- 2025-06-06 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| https://security.gentoo.org/glsa/202309-06 |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37966 | 2023-09-17 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Microsoft Search vendor "Microsoft" | Windows Server 2008 Search vendor "Microsoft" for product "Windows Server 2008" | - | sp2 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Windows Server 2008 Search vendor "Microsoft" for product "Windows Server 2008" | r2 Search vendor "Microsoft" for product "Windows Server 2008" and version "r2" | sp1, x64 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Windows Server 2012 Search vendor "Microsoft" for product "Windows Server 2012" | - | - |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Windows Server 2012 Search vendor "Microsoft" for product "Windows Server 2012" | r2 Search vendor "Microsoft" for product "Windows Server 2012" and version "r2" | - |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Windows Server 2016 Search vendor "Microsoft" for product "Windows Server 2016" | - | - |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Windows Server 2019 Search vendor "Microsoft" for product "Windows Server 2019" | - | - |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Windows Server 2022 Search vendor "Microsoft" for product "Windows Server 2022" | - | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 36 Search vendor "Fedoraproject" for product "Fedora" and version "36" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 37 Search vendor "Fedoraproject" for product "Fedora" and version "37" | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Management Services For Element Software Search vendor "Netapp" for product "Management Services For Element Software" | - | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Management Services For Netapp Hci Search vendor "Netapp" for product "Management Services For Netapp Hci" | - | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | > 4.15.13 Search vendor "Samba" for product "Samba" and version " > 4.15.13" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | >= 4.16.0 < 4.16.8 Search vendor "Samba" for product "Samba" and version " >= 4.16.0 < 4.16.8" | - |
Affected
| ||||||
| Samba Search vendor "Samba" | Samba Search vendor "Samba" for product "Samba" | >= 4.17.0 < 4.17.4 Search vendor "Samba" for product "Samba" and version " >= 4.17.0 < 4.17.4" | - |
Affected
| ||||||