hrbrmstr/cisa-known-exploited-vulns

KEV Release: 2022-06-14

hrbrmstr opened this issue · 0 comments

hrbrmstr commented

KEV Release: 2022-06-14

1 CVE in this release.

  • CVE-2022-30190: Local/Adjacent (Microsoft:Windows) Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability :: A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run code with the privileges of the calling application.

    Additional Information

    • CVSS 7.8
    • Severity: HIGH
    • Attack Vector: LOCAL
    • Attack Complexity: LOW
    • Privileges Required: NONE
    • User Interaction: REQUIRED
    • Impact: 5.9
    • CWE: NVD-CWE-noinfo
    • Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
    • EPSS: 0.695890000 / 0.990780000
    • In The Wild: https://inthewild.io/vuln/CVE-2022-30190