CVE-2022-37972

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Sep 20, 2022

Updated: Jan 2, 2025

Summary

CVE-2022-37972 is a spoofing vulnerability affecting Microsoft Endpoint Configuration Manager. attackers can manipulate the software's behavior by deceitfully masquerading as a trusted source, potentially leading to unauthorized actions within the system. This issue poses a significant risk to organizations using the Endpoint Configuration Manager, as it could allow attackers to gain unauthorized access and control, compromising security and potentially leading to data breaches. Microsoft has released a patch to address this vulnerability, and it is strongly recommended that affected organizations install it as soon as possible to mitigate the risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

System Center Configuration Manager

Affected Vendors

Microsoft

Advisories, Assessments, and Mitigations

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Threats to the 2025 NATO Summit

Artificial Eyes: Generative AI in China’s Military Intelligence

GrayAlpha Uses Diverse Infection Vectors to Deploy PowerNet Loader and NetSupport RAT

Know What Matters

For Customers

For Partners