Unknown
CVE-2022-34721
CVE ID
AttackerKB requires a CVE ID in order to pull vulnerability data and references from the CVE list and the National Vulnerability Database. If available, please supply below:
Add References:
Unknown
(1 user assessed)Unknown
(1 user assessed)Unknown
Unknown
Unknown
MITRE ATT&CK
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Description
Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-34722.
Add Assessment
Technical Analysis
I must be missing something as the PoC script *https://github.com/78ResearchLab/PoC/blob/main/CVE-2022-34721/CVE-2022-34721.py) does not execute any exception/BSOD let alone the RCE.
From what I can see, the script does not carry any RCE payload, but I thought it would at least cause some app/os exception.
When I fire it up against w2k19 VPN server, nothing happens.
I would have expected that at least some kind of unhandled exception/BSOD occurred, but nothing …
Would you also like to delete your Exploited in the Wild Report?
Delete Assessment Only Delete Assessment and Exploited in the Wild ReportGeneral Information
Vendors
- Microsoft
Products
- Windows,
- Windows Server,
- Windows Server 2019 (Server Core installation),
- Windows 10 Version 21H1 for x64-based Systems,
- Windows 10 Version 21H1 for ARM64-based Systems,
- Windows 10 Version 21H1 for 32-bit Systems,
- Windows Server 2022,
- Windows Server 2022 (Server Core installation),
- Windows Server 2022 Azure Edition Core Hotpatch,
- Windows 10 Version 20H2 for x64-based Systems,
- Windows 10 Version 20H2 for 32-bit Systems,
- Windows 10 Version 20H2 for ARM64-based Systems,
- Windows 11 for x64-based Systems,
- Windows 11 for ARM64-based Systems,
- Windows 10 Version 21H2 for 32-bit Systems,
- Windows 10 Version 21H2 for ARM64-based Systems,
- Windows 10 Version 21H2 for x64-based Systems,
- Windows Server 2016 (Server Core installation)
Exploited in the Wild
Would you like to delete this Exploited in the Wild Report?
Yes, delete this reportReferences
Additional Info
Technical Analysis
Report as Exploited in the Wild
CVE ID
AttackerKB requires a CVE ID in order to pull vulnerability data and references from the CVE list and the National Vulnerability Database. If available, please supply below:
I believe @cdelafuente-r7 was looking at this last week as well and had the same experience!