CVE-2022-31199 — Actively Exploited: Auditor (Netwrix)
Netwrix Auditor User Activity Video Recording component contains an insecure objection deserialization vulnerability that allows an unauthenticated, remote attacker to execute code as the NT AUTHORITY\SYSTEM user. Successful exploitation requires that the attacker is able to reach port 9004/TCP, which is commonly block
| CVE ID | CVE-2022-31199 |
|---|---|
| Vendor | Netwrix |
| Product | Auditor |
| Vulnerability name | Netwrix Auditor Insecure Object Deserialization Vulnerability |
| Date added | 2023-07-11 |
| Remediation due | 2023-08-01 |
| Known ransomware use | Known |
| Required action | Apply updates per vendor instructions or discontinue use of the product if updates are unavailable. |
| Description | Netwrix Auditor User Activity Video Recording component contains an insecure objection deserialization vulnerability that allows an unauthenticated, remote attacker to execute code as the NT AUTHORITY\SYSTEM user. Successful exploitation requires that the attacker is able to reach port 9004/TCP, which is commonly blocked by standard enterprise firewalling. |
| Source | CISA Known Exploited Vulnerabilities |
🔍 Search all exploited vulnerabilities →
$1499/mo
Try ExploitWatch →