Main Vulnerability Database Exploits ID:8772 - Exploit for Spoofing attack in Windows Server and Windows - CVE-2022-34689

ID:8772 - Exploit for Spoofing attack in Windows Server and Windows - CVE-2022-34689

Published: January 27, 2023

Vulnerability identifier: #VU68136

Vulnerability risk: Medium

CVE-ID: CVE-2022-34689

CWE-ID: CWE-451

Exploitation vector: Remote access

Vulnerable software:
Windows Server
Windows

Link to public exploit:

https://github.com/akamai/akamai-security-research/tree/main/PoCs/CVE-2022-34689

Vulnerability description

The vulnerability allows a remote attacker to perform spoofing attack.

The vulnerability exists due to incorrect processing of user-supplied data in the Windows CryptoAPI. A remote attacker can manipulate an existing public x.509 certificate, spoof page content and and perform actions such as authentication or code signing as the targeted certificate.

Remediation

Install updates from vendor's website.

ID:8772 - Exploit for Spoofing attack in Windows Server and Windows - CVE-2022-34689

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human