CVE-2022-30170: Windows Credential Roaming Service Elevation of Privilege Vulnerability

high7.3CVSS 3.1

AVLACLPRLUIRSUCHIHAH

ITW

Exploited in the wild

Windows Credential Roaming Service Elevation of Privilege Vulnerability

Affected

41 ranges· showing 25

Vendor	Product	Version range	Fixed in
microsoft	windows_10	—	—
microsoft	windows_10	—	—
microsoft	windows_10	—	—
microsoft	windows_10	—	—
microsoft	windows_10	—	—
microsoft	windows_10_version_1507	>= 10.0.10240.0 < 10.0.10240.19444	10.0.10240.19444
microsoft	windows_10_version_1607	>= 10.0.14393.0 < 10.0.14393.5356	10.0.14393.5356
microsoft	windows_10_version_1809	>= 10.0.0 < 10.0.17763.3406	10.0.17763.3406
microsoft	windows_10_version_1809	>= 10.0.17763.0 < 10.0.17763.3406	10.0.17763.3406
microsoft	windows_10_version_20h2	>= 10.0.0 < 10.0.19042.2006	10.0.19042.2006
microsoft	windows_10_version_21h1	>= 10.0.0 < 10.0.19043.2006	10.0.19043.2006
microsoft	windows_10_version_21h2	>= 10.0.19043.0 < 10.0.19044.2006	10.0.19044.2006
microsoft	windows_11_version_21h2	>= 10.0.22000.0 < 10.0.22000.978	10.0.22000.978
microsoft	windows_7	>= 6.1.0 < 6.1.7601.26115	6.1.7601.26115
microsoft	windows_7_service_pack_1	>= 6.1.0 < 6.1.7601.26115	6.1.7601.26115
microsoft	windows_8.1	>= 6.3.0 < 6.3.9600.20571	6.3.9600.20571
microsoft	windows_server_2008	—	—
microsoft	windows_server_2008_r2_service_pack_1	>= 6.1.7601.0 < 6.1.7601.26115	6.1.7601.26115
microsoft	windows_server_2008_service_pack_2	>= 6.0.6003.0 < 6.0.6003.21666	6.0.6003.21666
microsoft	windows_server_2012	—	—
microsoft	windows_server_2012	>= 6.2.9200.0 < 6.2.9200.23865	6.2.9200.23865
microsoft	windows_server_2012_r2	>= 6.3.9600.0 < 6.3.9600.20571	6.3.9600.20571
microsoft	windows_server_2016	>= 10.0.14393.0 < 10.0.14393.5356	10.0.14393.5356
microsoft	windows_server_2019	>= 10.0.17763.0 < 10.0.17763.3406	10.0.17763.3406
microsoft	windows_server_2022	>= 10.0.20348.0 < 10.0.20348.1006	10.0.20348.1006

CVSS provenance

nvdv3.17.3HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

ghsa7.3HIGH

osv7.3HIGH

vulncheck7.3HIGH