Fixed Intel

CISA Known Exploited Vulnerability

This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.

Remediation Deadline: Aug 1, 2023

High
CISA KEV
Ransomware

CVE-2022-31199

Netwrix Auditor

The Netwrix Auditor User Activity Video Recording component contains an insecure object deserialization vulnerability that allows an unauthenticated, remote attacker to execute code as the NT AUTHORITY\SYSTEM user. Successful exploitation requires that the attacker is able to reach port 9004/TCP, which is commonly blocked by standard enterprise firewalling.

Required Action

Patch application requires login to customer portal: https://security.netwrix.com/Account/SignIn?ReturnUrl=%2FAdvisories%2FADV-2022-003; https://nvd.nist.gov/vuln/detail/CVE-2022-31199

Vulnerability Overview

Severity: High
CISA KEV: Yes
Ransomware: Known
Published: Jul 11, 2023
KEV Added: Jul 11, 2023
Due Date: Aug 1, 2023

Vendor

Netwrix

Auditor