Microsoft Endpoint Configuration Manager information disclosure

A vulnerability classified as problematic was found in Microsoft Endpoint Configuration Manager. This vulnerability affects unknown code. The manipulation leads to information disclosure. The weakness was disclosed 09/21/2022 as KB15498768. The advisory is shared for download at portal.msrc.microsoft.com. This vulnerability was named CVE-2022-37972. The attack can be initiated remotely. There are no technical details available. There is no exploit available. The current price for an exploit might be approx. USD $0-$5k at the moment. It is declared as not defined. As 0-day the estimated underground price was around $5k-$25k. The name of the patch is KB15498768. The bugfix is ready for download at aka.ms. It is recommended to apply a patch to fix this issue. A possible mitigation has been published even before and not after the disclosure of the vulnerability.

Field09/21/2022 07:22 AM10/21/2022 11:36 AM
vendorMicrosoftMicrosoft
nameEndpoint Configuration ManagerEndpoint Configuration Manager
cvss3_vuldb_avNN
cvss3_vuldb_acLL
cvss3_vuldb_prNN
cvss3_vuldb_uiNN
cvss3_vuldb_sUU
cvss3_vuldb_cLL
cvss3_vuldb_iNN
cvss3_vuldb_aNN
cvss3_vuldb_rlOO
cvss3_vuldb_rcCC
cvss3_cna_avNN
cvss3_cna_acLL
cvss3_cna_prNN
cvss3_cna_uiNN
cvss3_cna_sUU
cvss3_cna_cHH
cvss3_cna_iNN
cvss3_cna_aNN
identifierKB15498768KB15498768
urlhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-37972https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-37972
namePatchPatch
patch_nameKB15498768KB15498768
patch_urlhttps://aka.ms/KB15498768https://aka.ms/KB15498768
cveCVE-2022-37972CVE-2022-37972
cve_assigned1659909600 (08/08/2022)1659909600 (08/08/2022)
cve_cnaMicrosoft CorporationMicrosoft Corporation
cve_nvd_summaryMicrosoft Endpoint Configuration Manager Spoofing Vulnerability.Microsoft Endpoint Configuration Manager Spoofing Vulnerability.
date1663711200 (09/21/2022)1663711200 (09/21/2022)
cvss2_vuldb_avNN
cvss2_vuldb_acLL
cvss2_vuldb_auNN
cvss2_vuldb_ciPP
cvss2_vuldb_iiNN
cvss2_vuldb_aiNN
cvss2_vuldb_rcCC
cvss2_vuldb_rlOFOF
cvss2_vuldb_eNDND
cvss3_vuldb_eXX
cvss3_cna_basescore7.57.5
cvss2_vuldb_basescore5.05.0
cvss2_vuldb_tempscore4.44.4
cvss3_vuldb_basescore5.35.3
cvss3_vuldb_tempscore5.15.1
cvss3_meta_basescore6.46.8
cvss3_meta_tempscore6.36.7
price_0day$5k-$25k$5k-$25k
cvss3_nvd_avN
cvss3_nvd_acL
cvss3_nvd_prN
cvss3_nvd_uiN
cvss3_nvd_sU
cvss3_nvd_cN
cvss3_nvd_iH
cvss3_nvd_aN
cvss3_nvd_basescore7.5

Might our Artificial Intelligence support you?

Check our Alexa App!