CVE-2022-21972

HIGH8.1

High EPSS

JSON export Create alert

Description

Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Unchanged

Changed

Affected products

Microsoft / Windows 10 Version 150710.0.10240.0 – 10.0.10240.19297
Microsoft / Windows 10 Version 160710.0.14393.0 – 10.0.14393.5125
Microsoft / Windows 10 Version 180910.0.0 – 10.0.17763.2928
Microsoft / Windows 10 Version 180910.0.17763.0 – 10.0.17763.2928
Microsoft / Windows 10 Version 190910.0.0 – 10.0.18363.2274
Microsoft / Windows 10 Version 20H210.0.0 – 10.0.19042.1706
Microsoft / Windows 10 Version 21H110.0.0 – 10.0.19043.1706
Microsoft / Windows 10 Version 21H210.0.19043.0 – 10.0.19043.1706
Microsoft / Windows 11 version 21H210.0.0 – 10.0.22000.675
Microsoft / Windows 76.1.0 – 6.1.7601.25954
Microsoft / Windows 7 Service Pack 16.1.0 – 6.1.7601.25954
Microsoft / Windows 8.16.3.0 – 6.3.9600.20371
Microsoft / Windows Server 2008 R2 Service Pack 16.1.7601.0 – 6.1.7601.25954
Microsoft / Windows Server 2008 R2 Service Pack 1 (Server Core installation)6.1.7601.0 – 6.1.7601.25954
Microsoft / Windows Server 2008 Service Pack 26.0.6003.0 – 6.0.6003.21481
Microsoft / Windows Server 2008 Service Pack 2 (Server Core installation)6.0.6003.0 – 6.0.6003.21481
Microsoft / Windows Server 20126.2.9200.0 – 6.2.9200.23714
Microsoft / Windows Server 2012 R26.3.9600.0 – 6.3.9600.20371
Microsoft / Windows Server 2012 R2 (Server Core installation)6.3.9600.0 – 6.3.9600.20371
Microsoft / Windows Server 2012 (Server Core installation)6.2.9200.0 – 6.2.9200.23714
Microsoft / Windows Server 201610.0.14393.0 – 10.0.14393.5125
Microsoft / Windows Server 2016 (Server Core installation)10.0.14393.0 – 10.0.14393.5125
Microsoft / Windows Server 201910.0.17763.0 – 10.0.17763.2928
Microsoft / Windows Server 2019 (Server Core installation)10.0.17763.0 – 10.0.17763.2928
Microsoft / Windows Server 202210.0.20348.0 – 10.0.20348.707
Microsoft / Windows Server version 20H210.0.0 – 10.0.19042.1706

References

VENDOR_ADVISORYhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21972