CRITICAL SEVERITY Ransomware Linked
CVE-2022-31199 Netwrix · Auditor

Netwrix Auditor Insecure Object Deserialization Vulnerability

Critical Threat Advisory: This vulnerability is documented in active ransomware campaigns. Immediate remediation required.

Technical Severity

CVSS v3.1 Metrics

CRITICAL
9.8 / 10
Vector Specification
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitation Likelihood

EPSS Prediction

Predictive Probability: 8.05%
Percentile Rank: 91.9th

Documented as more likely to be exploited than 91.9% of known CVEs.

Detection Date

Jul 11, 2023

Remediation Due

Aug 01, 2023

CISA Catalog Active

Threat Analysis

The Netwrix Auditor User Activity Video Recording component contains an insecure object deserialization vulnerability that allows an unauthenticated, remote attacker to execute code as the NT AUTHORITY\SYSTEM user. Successful exploitation requires that the attacker can reach port 9004/TCP, which is commonly blocked by standard enterprise firewalling.

Remediation Directive

Apply updates per vendor instructions or discontinue use of the product if updates are unavailable.

External Intelligence