High
CVE-2022-21857
CVE ID
AttackerKB requires a CVE ID in order to pull vulnerability data and references from the CVE list and the National Vulnerability Database. If available, please supply below:
Add References:
High
(1 user assessed)
Moderate
(1 user assessed)Unknown
Unknown
Unknown
MITRE ATT&CK
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Description
Active Directory Domain Services Elevation of Privilege Vulnerability.
Add Assessment
Ratings
-
Attacker ValueHigh
-
ExploitabilityMedium
Technical Analysis
Privilege escalation in Active Directory Domain Services that allows for elevation of privilege across a network.
Given how popular Active Directory is this is pretty serious and I imagine this will likely be a very popular way to escalate privileges in internal engagements should an exploit come out for this.
Bug is noted as being related to Active Directory Domain Service environments that have incoming trusts, and that the bug allows attackers to escalate privileges across the trust boundary under certain conditions.
The fact that this is labeled as “under certain conditions” leads me to believe that this may not be a default configuration which is why I have labeled it as such in my report. However I would also provide a slight counterpoint to this in that AD networks are often sprawling and complex so there is a good likelihood that this may be enabled in some part of the network even if you are not aware of it.
Definitely one to patch if you are running AD networks.
Would you also like to delete your Exploited in the Wild Report?
Delete Assessment Only Delete Assessment and Exploited in the Wild ReportGeneral Information
Vendors
- Microsoft
Products
- Windows,
- Windows Server,
- Windows 10 Version 1909 for 32-bit Systems,
- Windows 10 Version 1909 for x64-based Systems,
- Windows 10 Version 1909 for ARM64-based Systems,
- Windows 10 Version 21H1 for x64-based Systems,
- Windows 10 Version 21H1 for ARM64-based Systems,
- Windows 10 Version 21H1 for 32-bit Systems,
- Windows Server 2022,
- Windows Server 2022 (Server Core installation),
- Windows 10 Version 20H2 for x64-based Systems,
- Windows 10 Version 20H2 for 32-bit Systems,
- Windows 10 Version 20H2 for ARM64-based Systems,
- Windows Server, version 20H2 (Server Core Installation),
- Windows 11 for x64-based Systems,
- Windows 11 for ARM64-based Systems,
- Windows 10 Version 21H2 for 32-bit Systems,
- Windows 10 Version 21H2 for ARM64-based Systems,
- Windows 10 Version 21H2 for x64-based Systems
References
Additional Info
Technical Analysis
Report as Exploited in the Wild
CVE ID
AttackerKB requires a CVE ID in order to pull vulnerability data and references from the CVE list and the National Vulnerability Database. If available, please supply below:
