Arbitrary Code Execution Vulnerability in Authenticated Mail Users' File Uploads to Public Folders

Arbitrary Code Execution Vulnerability in Authenticated Mail Users' File Uploads to Public Folders

CVE-2022-42136 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Authenticated mail users, under specific circumstances, could add files with unsanitized content in public folders where the IIS user had permission to access. That action, could lead an attacker to store arbitrary code on that files and execute RCE commands.

Learn more about our Cis Benchmark Audit For Microsoft Iis.