ID
VAR-202208-0654
CVE
CVE-2022-35753
TITLE
plural Microsoft Windows Remote code execution vulnerability in product
Trust: 0.8
DESCRIPTION
Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability. Microsoft Windows Point-to-Point Tunneling Protocol(PPTP)是美国微软(Microsoft)公司的一种网络协议,通过在基于 TCP/IP 的数据网络上创建虚拟专用网络 (VPN),可以将数据从远程客户端安全传输到私有企业服务器. Microsoft Windows Point-to-Point Tunneling Protocol 存在安全漏洞。以下产品和版本受到影响:Windows 10 Version 21H1 for ARM64-based Systems,Windows 10 Version 21H1 for 32-bit Systems,Windows Server 2022,Windows Server 2022 (Server Core installation),Windows 10 Version 20H2 for x64-based Systems,Windows 10 Version 20H2 for 32-bit Systems,Windows 10 Version 20H2 for ARM64-based Systems,Windows Server, version 20H2 (Server Core Installation),Windows 11 for x64-based Systems,Windows 11 for ARM64-based Systems,Windows 10 Version 21H2 for 32-bit Systems,Windows 10 Version 21H2 for ARM64-based Systems,Windows 10 Version 21H2 for x64-based Systems,Windows 10 for 32-bit Systems,Windows 10 for x64-based Systems,Windows 10 Version 1607 for 32-bit Systems,Windows 10 Version 1607 for x64-based Systems,Windows 8.1 for x64-based systems,Windows RT 8.1,Windows Server 2008 for 32-bit Systems Service Pack 2,Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation),Windows Server 2008 for x64-based Systems Service Pack 2,Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation),Windows Server 2008 R2 for x64-based Systems Service Pack 1,Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation),Windows Server 2012,Windows Server 2012 (Server Core installation),Windows Server 2012 R2,Windows Server 2012 R2 (Server Core installation),Windows 10 Version 1809 for 32-bit Systems,Windows 10 Version 1809 for x64-based Systems,Windows 10 Version 1809 for ARM64-based Systems,Windows Server 2019,Windows Server 2019 (Server Core installation),Windows 10 Version 21H1 for x64-based Systems,Windows Server 2016,Windows Server 2016 (Server Core installation),Windows 7 for 32-bit Systems Service Pack 1,Windows 7 for x64-based Systems Service Pack 1,Windows 8.1 for 32-bit systems
Trust: 2.25
AFFECTED PRODUCTS
| vendor: | microsoft | model: | windows 10 1607 | scope: | lt | version: | 10.0.14393.5291 | Trust: 1.0 |
| vendor: | microsoft | model: | windows 7 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | microsoft | model: | windows server 2022 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | microsoft | model: | windows server 2012 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | microsoft | model: | windows 10 1809 | scope: | lt | version: | 10.0.17763.3287 | Trust: 1.0 |
| vendor: | microsoft | model: | windows server 20h2 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | microsoft | model: | windows 11 21h2 | scope: | lt | version: | 10.0.22000.856 | Trust: 1.0 |
| vendor: | microsoft | model: | windows 8.1 | scope: | lt | version: | 6.3.9600.20520 | Trust: 1.0 |
| vendor: | microsoft | model: | windows rt 8.1 | scope: | lt | version: | 6.3.9600.20520 | Trust: 1.0 |
| vendor: | microsoft | model: | windows server 2008 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | microsoft | model: | windows server 2012 | scope: | eq | version: | r2 | Trust: 1.0 |
| vendor: | microsoft | model: | windows 10 1507 | scope: | lt | version: | 10.0.10240.19387 | Trust: 1.0 |
| vendor: | microsoft | model: | windows server 2016 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | microsoft | model: | windows server 2008 | scope: | eq | version: | r2 | Trust: 1.0 |
| vendor: | microsoft | model: | windows server 2019 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | microsoft | model: | windows 10 20h2 | scope: | lt | version: | 10.0.19042.1889 | Trust: 1.0 |
| vendor: | microsoft | model: | windows 10 21h1 | scope: | lt | version: | 10.0.19043.1889 | Trust: 1.0 |
| vendor: | マイクロソフト | model: | microsoft windows server 2016 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | マイクロソフト | model: | microsoft windows server | scope: | eq | version: | 2008 r2 for x64-based systems sp1 | Trust: 0.8 |
| vendor: | マイクロソフト | model: | microsoft windows server 2008 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | マイクロソフト | model: | microsoft windows server | scope: | eq | version: | 20h2 (server core installation) | Trust: 0.8 |
| vendor: | マイクロソフト | model: | microsoft windows server | scope: | eq | version: | 2012 r2 (server core installation) | Trust: 0.8 |
| vendor: | マイクロソフト | model: | microsoft windows server | scope: | eq | version: | 2022 (server core installation) | Trust: 0.8 |
| vendor: | マイクロソフト | model: | microsoft windows server | scope: | eq | version: | 2008 for 32-bit systems sp2 | Trust: 0.8 |
| vendor: | マイクロソフト | model: | microsoft windows server 2022 | scope: | eq | version: | - | Trust: 0.8 |
| vendor: | マイクロソフト | model: | microsoft windows server | scope: | eq | version: | 2008 r2 for x64-based systems sp1 (server core installation) | Trust: 0.8 |
| vendor: | マイクロソフト | model: | microsoft windows 7 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | マイクロソフト | model: | microsoft windows server | scope: | eq | version: | 2008 for x64-based systems sp2 (server core installation) | Trust: 0.8 |
| vendor: | マイクロソフト | model: | microsoft windows server | scope: | eq | version: | 2012 r2 | Trust: 0.8 |
| vendor: | マイクロソフト | model: | microsoft windows server 2012 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | マイクロソフト | model: | microsoft windows server | scope: | eq | version: | 2016 (server core installation) | Trust: 0.8 |
| vendor: | マイクロソフト | model: | microsoft windows 8.1 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | マイクロソフト | model: | microsoft windows server 2022 | scope: | eq | version: | (server core installation) | Trust: 0.8 |
| vendor: | マイクロソフト | model: | microsoft windows server | scope: | eq | version: | 2019 (server core installation) | Trust: 0.8 |
| vendor: | マイクロソフト | model: | microsoft windows server | scope: | eq | version: | 2008 for 32-bit systems sp2 (server core installation) | Trust: 0.8 |
| vendor: | マイクロソフト | model: | microsoft windows server 2019 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | マイクロソフト | model: | microsoft windows server | scope: | eq | version: | 2022 | Trust: 0.8 |
| vendor: | マイクロソフト | model: | microsoft windows 10 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | マイクロソフト | model: | microsoft windows rt 8.1 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | マイクロソフト | model: | microsoft windows server | scope: | eq | version: | 2019 | Trust: 0.8 |
| vendor: | マイクロソフト | model: | microsoft windows server | scope: | eq | version: | 2016 | Trust: 0.8 |
| vendor: | マイクロソフト | model: | microsoft windows server | scope: | eq | version: | 2008 for x64-based systems sp2 | Trust: 0.8 |
| vendor: | マイクロソフト | model: | microsoft windows server | scope: | eq | version: | 2012 | Trust: 0.8 |
| vendor: | マイクロソフト | model: | microsoft windows 11 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | マイクロソフト | model: | microsoft windows server | scope: | eq | version: | 2012 (server core installation) | Trust: 0.8 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
PROBLEMTYPE DATA
| problemtype: | NVD-CWE-noinfo | Trust: 1.0 |
| problemtype: | Lack of information (CWE-noinfo) [NVD evaluation ] | Trust: 0.8 |
THREAT TYPE
remote
Trust: 0.6
TYPE
other
Trust: 0.6
CONFIGURATIONS
PATCH
| title: | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability Security Update Guide | url: | https://msrc.microsoft.com/update-guide/en-us/vulnerability/cve-2022-35753 | Trust: 0.8 |
| title: | Microsoft Windows Point-to-Point Tunneling Protocol Security vulnerabilities | url: | http://123.124.177.30/web/xxk/bdxqbyid.tag?id=239745 | Trust: 0.6 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2022-35753 | Trust: 3.3 |
| db: | JVNDB | id: | JVNDB-2022-005709 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-202208-2535 | Trust: 0.6 |
| db: | VULMON | id: | CVE-2022-35753 | Trust: 0.1 |
REFERENCES
| url: | https://msrc.microsoft.com/update-guide/vulnerability/cve-2022-35753 | Trust: 2.3 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2022-35753 | Trust: 0.8 |
| url: | https://www.ipa.go.jp/security/ciadr/vul/20220810-ms.html | Trust: 0.8 |
| url: | https://www.jpcert.or.jp/at/2022/at220021.html | Trust: 0.8 |
| url: | https://cxsecurity.com/cveshow/cve-2022-35753/ | Trust: 0.6 |
| url: | https://vigilance.fr/vulnerability/microsoft-windows-vulnerabilities-of-august-2022-39030 | Trust: 0.6 |
| url: | https://nvd.nist.gov | Trust: 0.1 |
CREDITS
Yuki Chen</a> with Cyber KunLun</a>
Trust: 0.6
SOURCES
| db: | VULMON | id: | CVE-2022-35753 |
| db: | JVNDB | id: | JVNDB-2022-005709 |
| db: | NVD | id: | CVE-2022-35753 |
| db: | CNNVD | id: | CNNVD-202208-2535 |
LAST UPDATE DATE
2023-12-18T13:00:39.632000+00:00
SOURCES UPDATE DATE
| db: | VULMON | id: | CVE-2022-35753 | date: | 2023-06-01T00:00:00 |
| db: | JVNDB | id: | JVNDB-2022-005709 | date: | 2023-06-09T04:01:00 |
| db: | NVD | id: | CVE-2022-35753 | date: | 2023-06-07T20:53:15.907 |
| db: | CNNVD | id: | CNNVD-202208-2535 | date: | 2023-06-08T00:00:00 |
SOURCES RELEASE DATE
| db: | VULMON | id: | CVE-2022-35753 | date: | 2023-05-31T00:00:00 |
| db: | JVNDB | id: | JVNDB-2022-005709 | date: | 2023-06-09T00:00:00 |
| db: | NVD | id: | CVE-2022-35753 | date: | 2023-05-31T19:15:16.877 |
| db: | CNNVD | id: | CNNVD-202208-2535 | date: | 2022-08-09T00:00:00 |