Attacker Value

Unknown

CVE-2022-40137

CVE ID

AttackerKB requires a CVE ID in order to pull vulnerability data and references from the CVE list and the National Vulnerability Database. If available, please supply below:

CVE ID:

Add References:

Advisory

Description: URL:

Add Another

Exploit

Description: URL:

Add Another

Mitigation

Description: URL:

Add Another

Government or Industry Alert

Description: URL:

Add Another

Miscellaneous

Description: URL:

Add Another

Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

None

Privileges Required

High

Attack Vector

Local

CVE-2022-40137

Disclosure Date: January 30, 2023 •

(Last updated October 08, 2023) ▾

CVE-2022-40137 CVSS v3 Base Score: 6.7

MITRE ATT&CK Log in to add MITRE ATT&CK tag

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

MITRE ATT&CK

Select the MITRE ATT&CK Tactics that apply to this CVE

Collection

Select any Techniques used:

Data from Local System

Data from Removable Media

Data from Network Shared Drive

Input Capture

Input Capture: Keylogging

Input Capture: GUI Input Capture

Input Capture: Web Portal Capture

Input Capture: Credential API Hooking

Data Staged

Data Staged: Local Data Staging

Data Staged: Remote Data Staging

Screen Capture

Email Collection

Email Collection: Local Email Collection

Email Collection: Remote Email Collection

Email Collection: Email Forwarding Rule

Clipboard Data

Automated Collection

Audio Capture

Video Capture

Man in the Browser

Data from Information Repositories

Data from Information Repositories: Confluence

Data from Information Repositories: Sharepoint

Data from Cloud Storage Object

Man-in-the-Middle

Man-in-the-Middle: LLMNR/NBT-NS Poisoning and SMB Relay

Archive Collected Data

Archive Collected Data: Archive via Utility

Archive Collected Data: Archive via Library

Archive Collected Data: Archive via Custom Method

Command and Control

Select any Techniques used:

Data Obfuscation

Data Obfuscation: Junk Data

Data Obfuscation: Steganography

Data Obfuscation: Protocol Impersonation

Fallback Channels

Application Layer Protocol

Application Layer Protocol: Web Protocols

Application Layer Protocol: File Transfer Protocols

Application Layer Protocol: Mail Protocols

Application Layer Protocol: DNS

Proxy

Proxy: Internal Proxy

Proxy: External Proxy

Proxy: Multi-hop Proxy

Proxy: Domain Fronting

Communication Through Removable Media

Non-Application Layer Protocol

Web Service

Web Service: Dead Drop Resolver

Web Service: Bidirectional Communication

Web Service: One-Way Communication

Multi-Stage Channels

Ingress Tool Transfer

Data Encoding

Data Encoding: Standard Encoding

Data Encoding: Non-Standard Encoding

Traffic Signaling

Traffic Signaling: Port Knocking

Remote Access Software

Dynamic Resolution

Dynamic Resolution: Fast Flux DNS

Dynamic Resolution: Domain Generation Algorithms

Dynamic Resolution: DNS Calculation

Non-Standard Port

Protocol Tunneling

Encrypted Channel

Encrypted Channel: Symmetric Cryptography

Encrypted Channel: Asymmetric Cryptography

Credential Access

Select any Techniques used:

OS Credential Dumping

OS Credential Dumping: LSASS Memory

OS Credential Dumping: Security Account Manager

OS Credential Dumping: NTDS

OS Credential Dumping: LSA Secrets

OS Credential Dumping: Cached Domain Credentials

OS Credential Dumping: DCSync

OS Credential Dumping: Proc Filesystem

OS Credential Dumping: /etc/passwd and /etc/shadow

Network Sniffing

Input Capture

Input Capture: Keylogging

Input Capture: GUI Input Capture

Input Capture: Web Portal Capture

Input Capture: Credential API Hooking

Brute Force

Brute Force: Password Guessing

Brute Force: Password Cracking

Brute Force: Password Spraying

Brute Force: Credential Stuffing

Two-Factor Authentication Interception

Forced Authentication

Exploitation for Credential Access

Steal Application Access Token

Steal Web Session Cookie

Unsecured Credentials

Unsecured Credentials: Credentials In Files

Unsecured Credentials: Credentials in Registry

Unsecured Credentials: Bash History

Unsecured Credentials: Private Keys

Unsecured Credentials: Cloud Instance Metadata API

Unsecured Credentials: Group Policy Preferences

Credentials from Password Stores

Credentials from Password Stores: Keychain

Credentials from Password Stores: Securityd Memory

Credentials from Password Stores: Credentials from Web Browsers

Modify Authentication Process

Modify Authentication Process: Domain Controller Authentication

Modify Authentication Process: Password Filter DLL

Modify Authentication Process: Pluggable Authentication Modules

Man-in-the-Middle

Man-in-the-Middle: LLMNR/NBT-NS Poisoning and SMB Relay

Steal or Forge Kerberos Tickets

Steal or Forge Kerberos Tickets: Golden Ticket

Steal or Forge Kerberos Tickets: Silver Ticket

Steal or Forge Kerberos Tickets: Kerberoasting

Defense Evasion

Select any Techniques used:

Direct Volume Access

Rootkit

Obfuscated Files or Information

Obfuscated Files or Information: Binary Padding

Obfuscated Files or Information: Software Packing

Obfuscated Files or Information: Steganography

Obfuscated Files or Information: Compile After Delivery

Obfuscated Files or Information: Indicator Removal from Tools

Masquerading

Masquerading: Invalid Code Signature

Masquerading: Right-to-Left Override

Masquerading: Rename System Utilities

Masquerading: Masquerade Task or Service

Masquerading: Match Legitimate Name or Location

Masquerading: Space after Filename

Process Injection

Process Injection: Dynamic-link Library Injection

Process Injection: Portable Executable Injection

Process Injection: Thread Execution Hijacking

Process Injection: Asynchronous Procedure Call

Process Injection: Thread Local Storage

Process Injection: Ptrace System Calls

Process Injection: Proc Memory

Process Injection: Extra Window Memory Injection

Process Injection: Process Hollowing

Process Injection: Process Doppelgänging

Process Injection: VDSO Hijacking

Indicator Removal on Host

Indicator Removal on Host: Clear Windows Event Logs

Indicator Removal on Host: Clear Linux or Mac System Logs

Indicator Removal on Host: Clear Command History

Indicator Removal on Host: File Deletion

Indicator Removal on Host: Network Share Connection Removal

Indicator Removal on Host: Timestomp

Valid Accounts

Valid Accounts: Default Accounts

Valid Accounts: Domain Accounts

Valid Accounts: Local Accounts

Valid Accounts: Cloud Accounts

Modify Registry

Trusted Developer Utilities Proxy Execution

Trusted Developer Utilities Proxy Execution: MSBuild

Access Token Manipulation

Access Token Manipulation: Token Impersonation/Theft

Access Token Manipulation: Create Process with Token

Access Token Manipulation: Make and Impersonate Token

Access Token Manipulation: Parent PID Spoofing

Access Token Manipulation: SID-History Injection

Deobfuscate/Decode Files or Information

BITS Jobs

Indirect Command Execution

Traffic Signaling

Traffic Signaling: Port Knocking

Rogue Domain Controller

Exploitation for Defense Evasion

Signed Script Proxy Execution

Signed Script Proxy Execution: PubPrn

Signed Binary Proxy Execution

Signed Binary Proxy Execution: Compiled HTML File

Signed Binary Proxy Execution: Control Panel

Signed Binary Proxy Execution: CMSTP

Signed Binary Proxy Execution: InstallUtil

Signed Binary Proxy Execution: Mshta

Signed Binary Proxy Execution: Msiexec

Signed Binary Proxy Execution: Odbcconf

Signed Binary Proxy Execution: Regsvcs/Regasm

Signed Binary Proxy Execution: Regsvr32

Signed Binary Proxy Execution: Rundll32

XSL Script Processing

Template Injection

File and Directory Permissions Modification

File and Directory Permissions Modification: Windows File and Directory Permissions Modification

File and Directory Permissions Modification: Linux and Mac File and Directory Permissions Modification

Execution Guardrails

Execution Guardrails: Environmental Keying

Group Policy Modification

Virtualization/Sandbox Evasion

Virtualization/Sandbox Evasion: System Checks

Virtualization/Sandbox Evasion: User Activity Based Checks

Virtualization/Sandbox Evasion: Time Based Evasion

Unused/Unsupported Cloud Regions

Pre-OS Boot

Pre-OS Boot: System Firmware

Pre-OS Boot: Component Firmware

Pre-OS Boot: Bootkit

Abuse Elevation Control Mechanism

Abuse Elevation Control Mechanism: Setuid and Setgid

Abuse Elevation Control Mechanism: Bypass User Access Control

Abuse Elevation Control Mechanism: Sudo and Sudo Caching

Abuse Elevation Control Mechanism: Elevated Execution with Prompt

Use Alternate Authentication Material

Use Alternate Authentication Material: Application Access Token

Use Alternate Authentication Material: Pass the Hash

Use Alternate Authentication Material: Pass the Ticket

Use Alternate Authentication Material: Web Session Cookie

Subvert Trust Controls

Subvert Trust Controls: Gatekeeper Bypass

Subvert Trust Controls: Code Signing

Subvert Trust Controls: SIP and Trust Provider Hijacking

Subvert Trust Controls: Install Root Certificate

Modify Authentication Process

Modify Authentication Process: Domain Controller Authentication

Modify Authentication Process: Password Filter DLL

Modify Authentication Process: Pluggable Authentication Modules

Impair Defenses

Impair Defenses: Disable or Modify Tools

Impair Defenses: Disable Windows Event Logging

Impair Defenses: HISTCONTROL

Impair Defenses: Disable or Modify System Firewall

Impair Defenses: Indicator Blocking

Impair Defenses: Disable or Modify Cloud Firewall

Hide Artifacts

Hide Artifacts: Hidden Files and Directories

Hide Artifacts: Hidden Users

Hide Artifacts: Hidden Window

Hide Artifacts: NTFS File Attributes

Hide Artifacts: Hidden File System

Hide Artifacts: Run Virtual Instance

Hijack Execution Flow

Hijack Execution Flow: DLL Search Order Hijacking

Hijack Execution Flow: DLL Side-Loading

Hijack Execution Flow: Dylib Hijacking

Hijack Execution Flow: Executable Installer File Permissions Weakness

Hijack Execution Flow: LD_PRELOAD

Hijack Execution Flow: Path Interception by PATH Environment Variable

Hijack Execution Flow: Path Interception by Search Order Hijacking

Hijack Execution Flow: Path Interception by Unquoted Path

Hijack Execution Flow: Services File Permissions Weakness

Hijack Execution Flow: Services Registry Permissions Weakness

Hijack Execution Flow: COR_PROFILER

Modify Cloud Compute Infrastructure

Modify Cloud Compute Infrastructure: Create Snapshot

Modify Cloud Compute Infrastructure: Create Cloud Instance

Modify Cloud Compute Infrastructure: Delete Cloud Instance

Modify Cloud Compute Infrastructure: Revert Cloud Instance

Discovery

Select any Techniques used:

System Service Discovery

Application Window Discovery

Query Registry

System Network Configuration Discovery

Remote System Discovery

System Owner/User Discovery

Network Sniffing

Network Service Scanning

System Network Connections Discovery

Process Discovery

Permission Groups Discovery

Permission Groups Discovery: Local Groups

Permission Groups Discovery: Domain Groups

Permission Groups Discovery: Cloud Groups

System Information Discovery

File and Directory Discovery

Account Discovery

Account Discovery: Local Account

Account Discovery: Domain Account

Account Discovery: Email Account

Account Discovery: Cloud Account

Peripheral Device Discovery

System Time Discovery

Network Share Discovery

Password Policy Discovery

Browser Bookmark Discovery

Domain Trust Discovery

Virtualization/Sandbox Evasion

Virtualization/Sandbox Evasion: System Checks

Virtualization/Sandbox Evasion: User Activity Based Checks

Virtualization/Sandbox Evasion: Time Based Evasion

Software Discovery

Software Discovery: Security Software Discovery

Cloud Service Discovery

Cloud Service Dashboard

Execution

Select any Techniques used:

Windows Management Instrumentation

Scheduled Task/Job

Scheduled Task/Job: At (Linux)

Scheduled Task/Job: At (Windows)

Scheduled Task/Job: Cron

Scheduled Task/Job: Launchd

Scheduled Task/Job: Scheduled Task

Command and Scripting Interpreter

Command and Scripting Interpreter: PowerShell

Command and Scripting Interpreter: AppleScript

Command and Scripting Interpreter: Windows Command Shell

Command and Scripting Interpreter: Unix Shell

Command and Scripting Interpreter: Visual Basic

Command and Scripting Interpreter: Python

Command and Scripting Interpreter: JavaScript/JScript

Software Deployment Tools

Native API

Shared Modules

Exploitation for Client Execution

User Execution

User Execution: Malicious Link

User Execution: Malicious File

Inter-Process Communication

Inter-Process Communication: Component Object Model

Inter-Process Communication: Dynamic Data Exchange

System Services

System Services: Launchctl

System Services: Service Execution

Exfiltration

Select any Techniques used:

Exfiltration Over Other Network Medium

Exfiltration Over Other Network Medium: Exfiltration Over Bluetooth

Automated Exfiltration

Scheduled Transfer

Data Transfer Size Limits

Exfiltration Over C2 Channel

Exfiltration Over Alternative Protocol

Exfiltration Over Alternative Protocol: Exfiltration Over Symmetric Encrypted Non-C2 Protocol

Exfiltration Over Alternative Protocol: Exfiltration Over Asymmetric Encrypted Non-C2 Protocol

Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol

Exfiltration Over Physical Medium

Exfiltration Over Physical Medium: Exfiltration over USB

Transfer Data to Cloud Account

Exfiltration Over Web Service

Exfiltration Over Web Service: Exfiltration to Code Repository

Exfiltration Over Web Service: Exfiltration to Cloud Storage

Impact

Select any Techniques used:

Data Destruction

Data Encrypted for Impact

Service Stop

Inhibit System Recovery

Defacement

Defacement: Internal Defacement

Defacement: External Defacement

Firmware Corruption

Resource Hijacking

Network Denial of Service

Network Denial of Service: Direct Network Flood

Network Denial of Service: Reflection Amplification

Endpoint Denial of Service

Endpoint Denial of Service: OS Exhaustion Flood

Endpoint Denial of Service: Service Exhaustion Flood

Endpoint Denial of Service: Application Exhaustion Flood

Endpoint Denial of Service: Application or System Exploitation

System Shutdown/Reboot

Account Access Removal

Disk Wipe

Disk Wipe: Disk Content Wipe

Disk Wipe: Disk Structure Wipe

Data Manipulation

Data Manipulation: Stored Data Manipulation

Data Manipulation: Transmitted Data Manipulation

Data Manipulation: Runtime Data Manipulation

Initial Access

Select any Techniques used:

Valid Accounts

Valid Accounts: Default Accounts

Valid Accounts: Domain Accounts

Valid Accounts: Local Accounts

Valid Accounts: Cloud Accounts

Replication Through Removable Media

External Remote Services

Drive-by Compromise

Exploit Public-Facing Application

Supply Chain Compromise

Supply Chain Compromise: Compromise Software Dependencies and Development Tools

Supply Chain Compromise: Compromise Software Supply Chain

Supply Chain Compromise: Compromise Hardware Supply Chain

Trusted Relationship

Hardware Additions

Phishing

Phishing: Spearphishing Attachment

Phishing: Spearphishing Link

Phishing: Spearphishing via Service

Lateral Movement

Select any Techniques used:

Remote Services

Remote Services: Remote Desktop Protocol

Remote Services: SMB/Windows Admin Shares

Remote Services: Distributed Component Object Model

Remote Services: SSH

Remote Services: VNC

Remote Services: Windows Remote Management

Software Deployment Tools

Taint Shared Content

Replication Through Removable Media

Exploitation of Remote Services

Internal Spearphishing

Use Alternate Authentication Material

Use Alternate Authentication Material: Application Access Token

Use Alternate Authentication Material: Pass the Hash

Use Alternate Authentication Material: Pass the Ticket

Use Alternate Authentication Material: Web Session Cookie

Remote Service Session Hijacking

Remote Service Session Hijacking: SSH Hijacking

Remote Service Session Hijacking: RDP Hijacking

Lateral Tool Transfer

Persistence

Select any Techniques used:

Boot or Logon Initialization Scripts

Boot or Logon Initialization Scripts: Logon Script (Windows)

Boot or Logon Initialization Scripts: Logon Script (Mac)

Boot or Logon Initialization Scripts: Network Logon Script

Boot or Logon Initialization Scripts: Rc.common

Boot or Logon Initialization Scripts: Startup Items

Scheduled Task/Job

Scheduled Task/Job: At (Linux)

Scheduled Task/Job: At (Windows)

Scheduled Task/Job: Cron

Scheduled Task/Job: Launchd

Scheduled Task/Job: Scheduled Task

Valid Accounts

Valid Accounts: Default Accounts

Valid Accounts: Domain Accounts

Valid Accounts: Local Accounts

Valid Accounts: Cloud Accounts

Account Manipulation

Account Manipulation: Additional Azure Service Principal Credentials

Account Manipulation: Exchange Email Delegate Permissions

Account Manipulation: Add Office 365 Global Administrator Role

Account Manipulation: SSH Authorized Keys

External Remote Services

Create Account

Create Account: Local Account

Create Account: Domain Account

Create Account: Cloud Account

Office Application Startup

Office Application Startup: Office Template Macros

Office Application Startup: Office Test

Office Application Startup: Outlook Forms

Office Application Startup: Outlook Home Page

Office Application Startup: Outlook Rules

Office Application Startup: Add-ins

Browser Extensions

BITS Jobs

Traffic Signaling

Traffic Signaling: Port Knocking

Server Software Component

Server Software Component: SQL Stored Procedures

Server Software Component: Transport Agent

Server Software Component: Web Shell

Implant Container Image

Pre-OS Boot

Pre-OS Boot: System Firmware

Pre-OS Boot: Component Firmware

Pre-OS Boot: Bootkit

Create or Modify System Process

Create or Modify System Process: Launch Agent

Create or Modify System Process: Systemd Service

Create or Modify System Process: Windows Service

Create or Modify System Process: Launch Daemon

Event Triggered Execution

Event Triggered Execution: Change Default File Association

Event Triggered Execution: Screensaver

Event Triggered Execution: Windows Management Instrumentation Event Subscription

Event Triggered Execution: .bash_profile and .bashrc

Event Triggered Execution: Trap

Event Triggered Execution: LC_LOAD_DYLIB Addition

Event Triggered Execution: Netsh Helper DLL

Event Triggered Execution: Accessibility Features

Event Triggered Execution: AppCert DLLs

Event Triggered Execution: AppInit DLLs

Event Triggered Execution: Application Shimming

Event Triggered Execution: Image File Execution Options Injection

Event Triggered Execution: PowerShell Profile

Event Triggered Execution: Emond

Event Triggered Execution: Component Object Model Hijacking

Boot or Logon Autostart Execution

Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder

Boot or Logon Autostart Execution: Authentication Package

Boot or Logon Autostart Execution: Time Providers

Boot or Logon Autostart Execution: Winlogon Helper DLL

Boot or Logon Autostart Execution: Security Support Provider

Boot or Logon Autostart Execution: Kernel Modules and Extensions

Boot or Logon Autostart Execution: Re-opened Applications

Boot or Logon Autostart Execution: LSASS Driver

Boot or Logon Autostart Execution: Shortcut Modification

Boot or Logon Autostart Execution: Port Monitors

Boot or Logon Autostart Execution: Plist Modification

Compromise Client Software Binary

Hijack Execution Flow

Hijack Execution Flow: DLL Search Order Hijacking

Hijack Execution Flow: DLL Side-Loading

Hijack Execution Flow: Dylib Hijacking

Hijack Execution Flow: Executable Installer File Permissions Weakness

Hijack Execution Flow: LD_PRELOAD

Hijack Execution Flow: Path Interception by PATH Environment Variable

Hijack Execution Flow: Path Interception by Search Order Hijacking

Hijack Execution Flow: Path Interception by Unquoted Path

Hijack Execution Flow: Services File Permissions Weakness

Hijack Execution Flow: Services Registry Permissions Weakness

Hijack Execution Flow: COR_PROFILER

Privilege Escalation

Select any Techniques used:

Boot or Logon Initialization Scripts

Boot or Logon Initialization Scripts: Logon Script (Windows)

Boot or Logon Initialization Scripts: Logon Script (Mac)

Boot or Logon Initialization Scripts: Network Logon Script

Boot or Logon Initialization Scripts: Rc.common

Boot or Logon Initialization Scripts: Startup Items

Scheduled Task/Job

Scheduled Task/Job: At (Linux)

Scheduled Task/Job: At (Windows)

Scheduled Task/Job: Cron

Scheduled Task/Job: Launchd

Scheduled Task/Job: Scheduled Task

Process Injection

Process Injection: Dynamic-link Library Injection

Process Injection: Portable Executable Injection

Process Injection: Thread Execution Hijacking

Process Injection: Asynchronous Procedure Call

Process Injection: Thread Local Storage

Process Injection: Ptrace System Calls

Process Injection: Proc Memory

Process Injection: Extra Window Memory Injection

Process Injection: Process Hollowing

Process Injection: Process Doppelgänging

Process Injection: VDSO Hijacking

Exploitation for Privilege Escalation

Valid Accounts

Valid Accounts: Default Accounts

Valid Accounts: Domain Accounts

Valid Accounts: Local Accounts

Valid Accounts: Cloud Accounts

Access Token Manipulation

Access Token Manipulation: Token Impersonation/Theft

Access Token Manipulation: Create Process with Token

Access Token Manipulation: Make and Impersonate Token

Access Token Manipulation: Parent PID Spoofing

Access Token Manipulation: SID-History Injection

Group Policy Modification

Create or Modify System Process

Create or Modify System Process: Launch Agent

Create or Modify System Process: Systemd Service

Create or Modify System Process: Windows Service

Create or Modify System Process: Launch Daemon

Event Triggered Execution

Event Triggered Execution: Change Default File Association

Event Triggered Execution: Screensaver

Event Triggered Execution: Windows Management Instrumentation Event Subscription

Event Triggered Execution: .bash_profile and .bashrc

Event Triggered Execution: Trap

Event Triggered Execution: LC_LOAD_DYLIB Addition

Event Triggered Execution: Netsh Helper DLL

Event Triggered Execution: Accessibility Features

Event Triggered Execution: AppCert DLLs

Event Triggered Execution: AppInit DLLs

Event Triggered Execution: Application Shimming

Event Triggered Execution: Image File Execution Options Injection

Event Triggered Execution: PowerShell Profile

Event Triggered Execution: Emond

Event Triggered Execution: Component Object Model Hijacking

Boot or Logon Autostart Execution

Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder

Boot or Logon Autostart Execution: Authentication Package

Boot or Logon Autostart Execution: Time Providers

Boot or Logon Autostart Execution: Winlogon Helper DLL

Boot or Logon Autostart Execution: Security Support Provider

Boot or Logon Autostart Execution: Kernel Modules and Extensions

Boot or Logon Autostart Execution: Re-opened Applications

Boot or Logon Autostart Execution: LSASS Driver

Boot or Logon Autostart Execution: Shortcut Modification

Boot or Logon Autostart Execution: Port Monitors

Boot or Logon Autostart Execution: Plist Modification

Abuse Elevation Control Mechanism

Abuse Elevation Control Mechanism: Setuid and Setgid

Abuse Elevation Control Mechanism: Bypass User Access Control

Abuse Elevation Control Mechanism: Sudo and Sudo Caching

Abuse Elevation Control Mechanism: Elevated Execution with Prompt

Hijack Execution Flow

Hijack Execution Flow: DLL Search Order Hijacking

Hijack Execution Flow: DLL Side-Loading

Hijack Execution Flow: Dylib Hijacking

Hijack Execution Flow: Executable Installer File Permissions Weakness

Hijack Execution Flow: LD_PRELOAD

Hijack Execution Flow: Path Interception by PATH Environment Variable

Hijack Execution Flow: Path Interception by Search Order Hijacking

Hijack Execution Flow: Path Interception by Unquoted Path

Hijack Execution Flow: Services File Permissions Weakness

Hijack Execution Flow: Services Registry Permissions Weakness

Hijack Execution Flow: COR_PROFILER

Topic Tags

Select the tags that apply to this CVE (Assessment added tags are disabled and cannot be removed)

What makes this of high-value to an attacker?

Vulnerable in default configuration

Unauthenticated

Observed in state-sponsored attacks

Observed in ransomware attacks

Gives privileged access

Easy to weaponize

Difficult to patch

Common in enterprise

CISA KEV Listed

What makes this of low-value to an attacker?

Vulnerable in uncommon configuration

Requires user interaction

Requires physical access

Requires elevated access

No useful access

Difficult to weaponize

Authenticated

Description

A buffer overflow in the WMI SMI Handler in some Lenovo models may allow an attacker with local access and elevated privileges to execute arbitrary code.

See More See Less

Ratings & Analysis
Vulnerability Details

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

6.7 Medium

Impact Score:

5.9

Exploitability Score:

0.8

Vector:

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack Vector (AV):

Local

Attack Complexity (AC):

Low

Privileges Required (PR):

High

User Interaction (UI):

None

Scope (S):

Unchanged

Confidentiality (C):

High

Integrity (I):

High

Availability (A):

High

General Information

Offensive Application

Unknown

Utility Class

Unknown

Ports

Unknown

Vulnerable Versions

BIOS various

Prerequisites

Unknown

Discovered By

Unknown

PoC Author

Unknown

Metasploit Module

Unknown

Reporter

Unknown

Vendors

lenovo

Products

ideacentre 3 07iab7 firmware m49kt1da
ideacentre 3 07ada05 firmware o4fkt33a
ideacentre 3 07imb05 firmware m2vkt1fa
ideacentre 5 14iab7 firmware m42kt40a
ideacentre 5 14acn6 firmware o5ekt23a
ideacentre 5 14are05 firmware o4zkt29a
ideacentre 5 14imb05 firmware o4hkt3aa
ideacentre 5 14iob6 firmware m3gkt38a
ideacentre 510 15ick firmware o4kkt16a
ideacentre 510a 15arr firmware o4dkt44a
ideacentre 510a 15ick firmware o4kkt16a
ideacentre 510s 07icb firmware m22kt48a
ideacentre 510s 07ick firmware m30kt27a
ideacentre 720 18apr firmware m25kt61a
ideacentre a340 22ast all in one firmware o4ckt23a
ideacentre a340 22icb all in one firmware o44kt32a
ideacentre a340 22ick all in one firmware o4pkt15a
ideacentre a340 22igm all in one firmware o51kt12a
ideacentre a340 22iwl all in one firmware o46kt36a
ideacentre a340 24icb all in one firmware o44kt32a
ideacentre a340 24ick all in one firmware o4pkt15a
ideacentre a340 24igm all in one firmware o51kt12a
ideacentre a340 24iwl all in one firmware o46kt36a
ideacentre aio 3 22ada05 firmware o4tkt29a
ideacentre aio 3 22ada6 firmware o5ckt24a
ideacentre aio 3 22iil5 firmware o56kt22a
ideacentre aio 3 22imb05 firmware o4rkt3a
ideacentre aio 3 22itl6 firmware o5akt31a
ideacentre aio 3 24ada6 firmware o5ckt24a
ideacentre aio 3 24alc6 firmware o5bkt24a
ideacentre aio 3 24are05 firmware o4skt28a
ideacentre aio 3 24iil5 firmware o56kt22a
ideacentre aio 3 24imb05 firmware o4rkt3a
ideacentre aio 3 24itl6 firmware o5akt31a
ideacentre aio 3 27alc6 firmware o5bkt24a
ideacentre aio 3 27imb05 firmware o4rkt3a
ideacentre aio 3 27itl6 firmware o5akt31a
ideacentre c5 14imb05 firmware o4hkt3aa
ideacentre e96z firmware m26kt24a
ideacentre g5 14amr05 firmware o4zkt29a
ideacentre g5 14imb05 firmware o4hkt3aa
ideacentre gaming 5 17acn7 firmware o5ekt23a
ideacentre gaming 5 17iab7 firmware m42kt40a
ideacentre gaming 5 14acn6 firmware o5ekt23a
ideacentre gaming 5 14iob6 firmware m3gkt38a
ideacentre m60e tiny firmware m3skt21a
ideacentre m625q firmware m1wkt46a
ideacentre m630e firmware m28kt39a
ideacentre m700 tiny firmware fwktbfa
ideacentre m70a firmware m2skt26a
ideacentre m70a gen 2 firmware m3nkt21a
ideacentre m70a gen 3 firmware m4ekt18a
ideacentre m70c firmware m2vkt1fa
ideacentre m70q firmware m2wkt55a
ideacentre m70q gen 2 firmware m3jkt35a
ideacentre m70q gen 3 firmware m43kt16a
ideacentre m70s firmware m2tkt50a
ideacentre m70s gen 3 firmware m41kt2da
ideacentre m70t firmware m2tkt50a
ideacentre m70t gen 3 firmware m41kt2da
ideacentre m710e firmware m1zkt39a
ideacentre m710q firmware m1akt56a
ideacentre m710s firmware m16kt69a
ideacentre m710t firmware m16kt69a
ideacentre m715q 2nd gen firmware m1xkt58a
ideacentre m715q firmware m11kt55a
ideacentre m715s firmware m2ckt4da
ideacentre m715t firmware m2ckt4da
ideacentre m720e firmware m30kt27a
ideacentre m720q firmware m1ukt6ba
ideacentre m720s firmware m1ukt6ba
ideacentre m720t firmware m1ukt6ba
ideacentre m725s firmware m25kt61a
ideacentre m75n firmware m33kt26a
ideacentre m75q gen 2 firmware m47kt24a
ideacentre m75q 1 firmware m2fkt2ea
ideacentre m75s gen 2 firmware m3akt44a
ideacentre m75s gen 2 firmware m3bkt2aa
ideacentre m75s gen 2 firmware m46kt2ba
ideacentre m75s 1 firmware m2ckt4da
ideacentre m75t gen 2 firmware m3akt44a
ideacentre m75t gen 2 firmware m3bkt2aa
ideacentre m75t gen 2 firmware m46kt2ba
ideacentre m800 firmware fwktbfa
ideacentre m80q firmware m2wkt55a
ideacentre m80q gen 3 firmware m4gkt1da
ideacentre m80s firmware m2tkt50a
ideacentre m80s gen 3 firmware m40kt2da
ideacentre m80t firmware m2tkt50a
ideacentre m80t gen 3 firmware m40kt2da
ideacentre m810z all in one firmware m1ckt50a
ideacentre m818z firmware m1ekt27a
ideacentre m820z all in one firmware m1nkt59a
ideacentre m900 firmware fwktbfa
ideacentre m900x firmware fwktbfa
ideacentre m90a firmware m2rkt55a
ideacentre m90a gen 2 firmware m3lkt26a
ideacentre m90a gen 3 firmware m4ikt17a
ideacentre m90q gen 2 firmware m3jkt35a
ideacentre m90q gen 3 firmware m4gkt1da
ideacentre m90q tiny firmware m2wkt55a
ideacentre m90s firmware m2tkt50a
ideacentre m90s gen 3 firmware m40kt2da
ideacentre m90t firmware m2tkt50a
ideacentre m90t gen 3 firmware m40kt2da
ideacentre m910q firmware m1akt56a
ideacentre m910s firmware m1akt56a
ideacentre m910t firmware m1akt56a
ideacentre m910x firmware m1akt56a
ideacentre m920q firmware m1ukt6ba
ideacentre m920s firmware m1ukt6ba
ideacentre m920t firmware m1ukt6ba
ideacentre m920x firmware m1ukt6ba
ideacentre mini 5 01imh05 firmware o4ekt17a
ideacentre neo 50s gen 3 firmware m49kt1da
ideacentre neo 50t gen 3 firmware m42kt40a
ideacentre neo 70t gen 3 firmware m40kt2da
ideacentre t540 15ama g firmware m2ckt4da
ideacentre t540 15ick firmware o4kkt16a
legion c530 19icb firmware o4bkt21a
legion t5 26iob6 firmware o54kt20a
legion t5 28icb05 firmware o4bkt21a
legion t530 28apr firmware o4gkt17a
legion t530 28icb firmware o4bkt21a
legion t7 34imz5 firmware o4lkt1fa
legion t7 34imz5 firmware o5fkt14a
n3310 storage firmware 5.05.0
n4610 storage firmware 5.05.0
qitian a815 firmware m1rkt39a
qt b415 firmware m16kt69a
qt m410 firmware m16kt69a
qt m415 firmware m16kt69a
thinkagile hx1021 edg firmware hye122f
thinkagile hx1320 firmware ive178i
thinkagile hx1321 firmware ive178i
thinkagile hx1331 firmware afe118m
thinkagile hx1520 r firmware ive178i
thinkagile hx1521 r firmware ive178i
thinkagile hx2320 firmware ive178i
thinkagile hx2320 e firmware ive178i
thinkagile hx2321 firmware ive178i
thinkagile hx2330 firmware afe118m
thinkagile hx2331 firmware afe118m
thinkagile hx2720 e firmware tee178i
thinkagile hx3320 firmware ive178i
thinkagile hx3321 firmware ive178i
thinkagile hx3330 firmware afe118m
thinkagile hx3331 firmware afe118m
thinkagile hx3375 firmware d8e128f
thinkagile hx3376 firmware d8e128f
thinkagile hx3520 g firmware ive178i
thinkagile hx3521 g firmware ive178i
thinkagile hx3720 firmware tee178i
thinkagile hx3721 firmware tee178i
thinkagile hx5520 firmware ive178i
thinkagile hx5520 c firmware ive178i
thinkagile hx5521 firmware ive178i
thinkagile hx5521 c firmware ive178i
thinkagile hx5530 firmware afe118m
thinkagile hx5531 firmware afe118m
thinkagile hx7520 firmware ive178i
thinkagile hx7521 firmware ive178i
thinkagile hx7530 firmware afe118m
thinkagile hx7531 firmware afe118m
thinkagile hx7820 firmware pse144n
thinkagile hx7821 firmware pse144n
thinkagile mx 1u mx3321 f firmware ive178i
thinkagile mx 1u mx3321 h firmware ive178i
thinkagile mx edge mx1020 firmware hye122f
thinkagile mx all flash firmware ive178i
thinkagile mx hybrid firmware ive178i
thinkagile mx1021 firmware hye122f
thinkagile mx3330 f all flash firmware afe118m
thinkagile mx3330 h hybrid firmware afe118m
thinkagile mx3331 f all flash firmware afe118m
thinkagile mx3331 h hybrid firmware afe118m
thinkagile mx3520 f all flash firmware ive178i
thinkagile mx3520 h hybrid firmware ive178i
thinkagile mx3530 f all flash firmware afe118m
thinkagile mx3530 h hybrid firmware afe118m
thinkagile mx3531 h hybrid firmware afe118m
thinkagile mx3531 f all flash firmware afe118m
thinkagile vx 1se firmware ise130e
thinkagile vx 1u firmware ive178i
thinkagile vx 2u firmware ive178i
thinkagile vx 2u4n firmware tee178i
thinkagile vx 4u firmware pse144n
thinkagile vx1320 firmware ise130e
thinkagile vx2320 firmware ive178i
thinkagile vx2330 firmware afe118m
thinkagile vx3320 firmware ive178i
thinkagile vx3330 firmware afe118m
thinkagile vx3331 firmware afe118m
thinkagile vx3520 g firmware ive178i
thinkagile vx3530 g firmware afe118m
thinkagile vx3720 firmware tee178i
thinkagile vx5520 firmware ive178i
thinkagile vx5530 firmware afe118m
thinkagile vx7320 n firmware ive178i
thinkagile vx7330 firmware afe118m
thinkagile vx7520 firmware ive178i
thinkagile vx7520 n firmware ive178i
thinkagile vx7530 firmware afe118m
thinkagile vx7531 firmware afe118m
thinkagile vx7820 firmware pse144n
thinkcentre e75s firmware m16kt69a
thinkcentre e75t firmware m16kt69a
thinkcentre m610 firmware m1akt56a
thinkcentre m6600q firmware fwktc0a
thinkcentre m6600s firmware fwktc0a
thinkcentre m6600t firmware fwktc0a
thinkcentre m700q firmware fwktc0a
thinkcentre m8600s firmware fwktc0a
thinkcentre m8600t firmware fwktc0a
thinkedge se30 firmware m3fkt29a
thinkserver rd350 firmware 5.05.0
thinkserver rd350g firmware vb3ts891
thinkserver rd450 firmware 5.05.0
thinkserver rd550 firmware 5.03.0
thinkserver rd650 firmware 5.05.0
thinkserver rs160 firmware vb1ts307
thinkserver rs260 firmware vb1ts307
thinkserver sd350 firmware 5.05.0
thinkserver sr588 firmware tee176k
thinkserver sr590 firmware tee176k
thinkserver sr860p firmware tee176k
thinkserver td350 firmware 5.04.0
thinkserver ts150 firmware 81i/b7s
thinkserver ts250 firmware 81i/b7s
thinkserver ts450 firmware fwktb7s
thinkserver ts460 firmware tb1ts307
thinkserver ts550 firmware fwktb7s
thinkserver ts560 firmware tb1ts307
thinksmart core & controller full room kit: microsoft teams rooms firmware m4ckt14a
thinksmart core & controller full room kit: zoom rooms firmware m4ckt14a
thinksmart core & controller kit: microsoft teams rooms firmware m4ckt14a
thinksmart core & controller kit: zoom rooms firmware m4ckt14a
thinksmart core device for logitech firmware m4ckt14a
thinksmart core device for poly firmware m4ckt14a
thinksmart core device: zoom rooms firmware m4ckt14a
thinksmart hub 500 firmware m23kt31a
thinksmart hub teams firmware m2xkt20a
thinksmart hub zoom firmware m2xkt20a
thinkstation p310 workstation firmware fwktc0a
thinkstation p320 tiny workstation firmware m1akt56a
thinkstation p320 workstation firmware s06kt61a
thinkstation p330 tiny workstation firmware m1ukt6ba
thinkstation p330 workstation 2nd gen firmware m1vkt6ba
thinkstation p330 workstation firmware m1vkt6ba
thinkstation p340 tiny workstation firmware m2wkt55a
thinkstation p340 workstation firmware s08kt50a
thinkstation p348 workstation firmware m3kkt36a
thinkstation p350 tiny workstation firmware m3jkt35a
thinkstation p350 workstation firmware s0akt35a
thinkstation p360 tiny workstation firmware m4gkt1da
thinkstation p520 workstation firmware s03kt55a
thinkstation p520c workstation firmware s03kt55a
thinkstation p620 workstation firmware s07kt4aa
thinkstation p720 workstation firmware s04kt62a
thinkstation p720 workstation firmware s04kt62p
thinkstation p920 workstation firmware s05kt62a
thinkstation p920 workstation firmware s05kt62p
thinkstation stadia ggp 120 firmware s03kt55a
thinkstation thinkstation p318 firmware m1akt56a
thinksystem dx1100u firmware ive178i
thinksystem dx8200d firmware ive178i
thinksystem hr610x firmware hr6n0661
thinksystem hr630x firmware hr6n0661
thinksystem hr650x firmware hr6n0661
thinksystem st50 firmware ite125a
thinksystem st58 firmware ite125a
v30a 22iml firmware m37kt29a
v30a 24iml firmware m37kt29a
v330 20icb all in one firmware m1qkt49a
v35s 07ada firmware o4fkt33a
v50a 22imb firmware m36kt31a
v50a 24imb firmware m36kt31a
v50s 07imb firmware m2vkt1fa
v50t 13imb firmware o4hkt3aa
v50t 13iob g2 firmware m3gkt38a
v520 firmware m16kt69a
v520s firmware m16kt69a
v530 15arr firmware o4dkt44a
v530 15icb firmware m1ykt72a
v530 15icr firmware m2ykt33a
v530 22icb all in one firmware m20kt53a
v530 24icb all in one firmware m20kt53a
v530s 07icb firmware m22kt48a
v530s 07icr firmware m30kt27a
v540 24iwl all in one firmware m29kt40a
v55t gen 2 13acn firmware o5jkt20a
v55t 15api firmware o4dkt44a
v55t 15are firmware o52kt23a
yangtian afq150 firmware fwktc0a
yoga a940 27icb all in one firmware o43kt43a
yta8900f firmware fwktc0a

References

Canonical

CVE-2022-40137 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40137)

Miscellaneous

https://support.lenovo.com/us/en/product_security/LEN-94953

Additional Info

Authenticated

Unknown

Exploitable

Unknown

Reliability

Unknown

Stability

Unknown

Available Mitigations

Unknown

Shelf Life

Unknown

Userbase/Installbase

Unknown

Patch Effectiveness

Unknown

Rapid7

Technical Analysis

Report as Emergent Threat Response

Please provide the link to the ETR blog if available.

Add a reference URL (optional):

Report as Zero-day Exploit

Please provide the link to the zero-day exploit reference.

Note: The source link you provide will create a new misc reference if it doesn't already exist.

Add a reference URL (optional):

Report as Exploited in the Wild

AttackerKB users want to know this is information they can trust.
Help the community by indicating the source(s) of your knowledge:

Vendor Advisory

Add a reference URL (required):

Please provide a link to the Vendor Advisory.
Government or Industry Alert

Add a reference URL (required):

Please provide a link to the Government or Industry Alert.
Threat Feed

Add a reference URL (required):

Please provide a link to the Threat Feed.
News Article or Blog

Add a reference URL (required):

Please provide a link to the News Reference.
Exploitation personally observed in an environment (client, customer, employer, or personal environment)

Add a reference URL (required):

Please provide a link or create an assessment as evidence to support your personal observation claim.
Other:

Please explain the source of your report.

Add a reference URL (required):

Please provide a link or create an assessment as evidence of the source of your report.

CVE ID

AttackerKB requires a CVE ID in order to pull vulnerability data and references from the CVE list and the National Vulnerability Database. If available, please supply below:

CVE ID:

Unknown

CVE-2022-40137

Unknown

Unknown

None

High

Local

CVE-2022-40137

Description

Add Assessment

CVSS V3 Severity and Metrics

General Information

Vendors

Products

References

Canonical

Miscellaneous

Additional Info

Technical Analysis

Quick Cookie Notification