CVE-2022-38023Use of Weak Hash in Microsoft Windows Server 2008 R2 Service Pack 1

CWE-328Use of Weak Hash14 documents9 sources
Severity
8.1HIGHCNA
OSV6.5OSV5.9
No vector
EPSS
0.5%
top 34.87%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
18
Microsoft Windows Server 2008 R2 Service Pack 1Microsoft Windows Server 2008 Service Pack 2Microsoft Windows Server 2012+15 more
Timeline
PublishedNov 9
Latest updateFeb 14

Description

Netlogon RPC Elevation of Privilege Vulnerability Netlogon RPC Elevation of Privilege Vulnerability

Affected Packages18 packages

debiandebian/samba< samba 2:4.17.4+dfsg-1 (bookworm)
CVEListV5microsoft/windows_server_20126.2.9200.06.2.9200.24374
CVEListV5microsoft/windows_server_201610.0.14393.010.0.14393.6085
CVEListV5microsoft/windows_server_201910.0.17763.010.0.17763.4645
CVEListV5microsoft/windows_server_202210.0.20348.010.0.20348.1850

🔴Vulnerability Details

5
OSV
samba vulnerabilities2023-03-08
OSV
samba regression2023-01-26
OSV
samba vulnerabilities2023-01-24
GHSA
GHSA-vww6-8mc9-cqg6: Netlogon RPC Elevation of Privilege Vulnerability2022-11-10
CVEList
Netlogon RPC Elevation of Privilege Vulnerability2022-11-09

📋Vendor Advisories

7
Palo Alto
PAN-SA-2024-0001 Informational Bulletin: Impact of OSS CVEs in PAN-OS2024-02-14
Ubuntu
Samba vulnerabilities2023-03-08
Ubuntu
Samba regression2023-01-26
Ubuntu
Samba vulnerabilities2023-01-24
Red Hat
samba: RC4/HMAC-MD5 NetLogon Secure Channel is weak and should be avoided2022-12-16

🕵️Threat Intelligence

2
Qualys
November 2022 Patch Tuesday | Microsoft Releases 65 New Vulnerabilities With 10 Critical; Adobe Releases Zero Advisories (for the First Time in Six Years).2022-11-08
Qualys
November 2022 Patch Tuesday | Microsoft Releases 65 New Vulnerabilities With 10 Critical; Adobe Releases Zero Advisories (for the First Time in Six Years). | Qualys2022-11-08
CVE-2022-38023 — Use of Weak Hash in Microsoft | cvebase