How severe is CVE-2022-29800?

CVE-2022-29800 has a CVSS v3 score of 4.7 (MEDIUM).

CVE-2022-29800

Name: windows_defender_for_endpoint
Author: microsoft

4.7MEDIUM

A time-of-check-time-of-use (TOCTOU) race condition vulnerability was found in networkd-dispatcher. This flaw exists because there is a certain time between the scripts being discovered and them being

Publicado: 9/21/2022Atualizado: 5/28/2025

Descrição

A time-of-check-time-of-use (TOCTOU) race condition vulnerability was found in networkd-dispatcher. This flaw exists because there is a certain time between the scripts being discovered and them being run. An attacker can abuse this vulnerability to replace scripts that networkd-dispatcher believes to be owned by root with ones that are not.

Análise IADesenvolvido por IA

Produtos Afetados

microsoftwindows_defender_for_endpoint

Referências

https://www.microsoft.com/security/blog/2022/04/26/microsoft-finds-new-elevation-of-privilege-linux-vulnerability-nimbuspwn/
ExploitTechnical DescriptionVendor Advisory
https://www.microsoft.com/security/blog/2022/04/26/microsoft-finds-new-elevation-of-privilege-linux-vulnerability-nimbuspwn/
ExploitTechnical DescriptionVendor Advisory