How severe is CVE-2022-29800?

CVE-2022-29800 has a CVSS v3 score of 4.7 (MEDIUM).

CVE-2022-29800

Name: windows_defender_for_endpoint
Author: microsoft

4.7MEDIUM

A time-of-check-time-of-use (TOCTOU) race condition vulnerability was found in networkd-dispatcher. This flaw exists because there is a certain time between the scripts being discovered and them being

Veröffentlicht: 9/21/2022Aktualisiert: 5/28/2025

Beschreibung

A time-of-check-time-of-use (TOCTOU) race condition vulnerability was found in networkd-dispatcher. This flaw exists because there is a certain time between the scripts being discovered and them being run. An attacker can abuse this vulnerability to replace scripts that networkd-dispatcher believes to be owned by root with ones that are not.

KI-AnalyseKI-gestützt

Betroffene Produkte

microsoftwindows_defender_for_endpoint

Referenzen

https://www.microsoft.com/security/blog/2022/04/26/microsoft-finds-new-elevation-of-privilege-linux-vulnerability-nimbuspwn/
ExploitTechnical DescriptionVendor Advisory
https://www.microsoft.com/security/blog/2022/04/26/microsoft-finds-new-elevation-of-privilege-linux-vulnerability-nimbuspwn/
ExploitTechnical DescriptionVendor Advisory