← Back

CVE-2022-32230

nvd nist
Published: Jun 14, 2022Modified: Nov 21, 2024

JSON object

Loading...
7.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 / Impact: 3.6
Source: NVD

Description

Microsoft Windows SMBv3 suffers from a null pointer dereference in versions of Windows prior to the April, 2022 patch set. By sending a malformed FileNormalizedNameInformation SMBv3 request over a named pipe, an attacker can cause a Blue Screen of Death (BSOD) crash of the Windows kernel. For most systems, this attack requires authentication, except in the special case of Windows Domain Controllers, where unauthenticated users can always open named pipes as long as they can establish an SMB session. Typically, after the BSOD, the victim SMBv3 server will reboot.

Affected (6)

Microsoft
3 products
Windows 10
Windows 11
Windows Server 2019
Configuration A
6 vulnerable
Vulnerable SoftwareAffected Versions
Microsoft
Windows 10
Version 1809
Windows 10
Version 20h2
Windows 10
Version 21h1
Windows 10
Version 21h2
Windows 11
All versions
Windows Server 2019
All versions

Related CWEs

CWE-476
NULL Pointer Dereference
The product dereferences a pointer that it expects to be valid but is NULL.

References (8)

Source: cve@rapid7.com
ExploitThird Party Advisory
Source: cve@rapid7.com
PatchVendor Advisory
Source: cve@rapid7.com
PatchVendor Advisory
Source: cve@rapid7.com
ExploitThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party Advisory

Timeline

No history available yet.