CVE-2022-24489 — Improper Privilege Management in Microsoft Windows Server 2016

Severity

7.8HIGHNVD

EPSS

0.2%

top 55.43%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedApr 15

Latest updateApr 16

Description

Cluster Client Failover (CCF) Elevation of Privilege Vulnerability

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

▶CVEListV5microsoft/windows_server_201610.0.14393.0 — 10.0.14393.5066

▶CVEListV5microsoft/windows_server_201910.0.17763.0 — 10.0.17763.2803

▶CVEListV5microsoft/windows_server_202210.0.20348.0 — 10.0.20348.643

▶CVEListV5microsoft/windows_server_version_20h210.0.0 — 10.0.19042.1645

GHSA

GHSA-wqqg-h4wv-cw99: Cluster Client Failover (CCF) Elevation of Privilege Vulnerability↗2022-04-16

▶

CVEList

Cluster Client Failover (CCF) Elevation of Privilege Vulnerability↗2022-04-15

▶

Microsoft

Cluster Client Failover (CCF) Elevation of Privilege Vulnerability↗2022-04-12

▶