CVE-2022-29799

Published on: Not Yet Published

Last Modified on: 09/23/2022 05:24:00 PM UTC

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Certain versions of Windows Defender For Endpoint from Microsoft contain the following vulnerability:

A vulnerability was found in networkd-dispatcher. This flaw exists because no functions are sanitized by the OperationalState or the AdministrativeState of networkd-dispatcher. This attack leads to a directory traversal to escape from the “/etc/networkd-dispatcher” base directory.

  • CVE-2022-29799 has been assigned by URL Logo [email protected] to track the vulnerability - currently rated as MEDIUM severity.

CVSS3 Score: 5.5 - MEDIUM

Attack
Vector
Attack
Complexity
Privileges
Required
User
Interaction
LOCAL LOW LOW NONE
Scope Confidentiality
Impact
Integrity
Impact
Availability
Impact
UNCHANGED HIGH NONE NONE

CVE References

Description Tags Link
Microsoft finds new elevation of privilege Linux vulnerability, Nimbuspwn - Microsoft Security Blog www.microsoft.com
text/html
URL Logo MISC www.microsoft.com/security/blog/2022/04/26/microsoft-finds-new-elevation-of-privilege-linux-vulnerability-nimbuspwn/

Related QID Numbers

  • 198761 Ubuntu Security Notification for networkd-dispatcher Vulnerabilities (USN-5395-1)

Known Affected Configurations (CPE V2.3)

Type Vendor Product Version Update Edition Language
ApplicationMicrosoftWindows Defender For EndpointAllAllAllAll
  • cpe:2.3:a:microsoft:windows_defender_for_endpoint:*:*:*:*:*:linux:*:*:

Social Mentions

Source Title Posted (UTC)
Twitter Icon @campuscodi Microsoft report on Nimbuspwn, two vulnerabilities (CVE-2022-29799 and CVE-2022-29800) in the Linux systemd network… twitter.com/i/web/status/1… 2022-04-26 18:42:19
Twitter Icon @EurekaBerry マイクロソフトの脆弱性調査チームが発見したLinuxの特権昇格の脆弱性 CVE-2022-29799 CVE-2022-29800 (Nimbuspwn) の解説と検知方法 なお脆弱性は修正済み microsoft.com/security/blog/… 2022-04-26 23:32:46
Twitter Icon @securezoo Microsoft discovers Nimbuspwn Linux vulnerabilities (CVE-2022-29799 and CVE-2022-29800): buff.ly/3LmNW7ktwitter.com/i/web/status/1… 2022-04-27 00:54:45
Twitter Icon @ohhara_shiojiri CVE-2022-29799 and CVE-2022-29800 2022-04-27 00:58:59
Twitter Icon @Flash162011 Microsoft report on Nimbuspwn, two vulnerabilities (CVE-2022-29799 and CVE-2022-29800) in the Linux systemd network… twitter.com/i/web/status/1… 2022-04-27 01:44:22
Twitter Icon @kanunicipher Nimbuspwn CVE-2022-29799 and CVE-2022-29800 can be chained together to gain root privileges on Linux based on syste… twitter.com/i/web/status/1… 2022-04-27 03:56:24
Twitter Icon @ipssignatures The vuln CVE-2022-29799 has a tweet created 0 days ago and retweeted 14 times. twitter.com/EurekaBerry/st… #pow1rtrtwwcve 2022-04-27 04:06:00
Twitter Icon @the_yellow_fall CVE-2022-29799 & CVE-2022-29800: Linux Privilege Escalation Vulnerability securityonline.info/cve-2022-29799… #opensource #infosec #security #pentest 2022-04-27 05:09:04
Twitter Icon @AcooEdi CVE-2022-29799 & CVE-2022-29800: Linux Privilege Escalation Vulnerability dlvr.it/SPJqL2 via securityonline https://t.co/74mQIC5Uko 2022-04-27 05:10:03
Twitter Icon @catnap707 New Nimbuspwn Linux vulnerability gives hackers root privileges bleepingcomputer.com/news/security/… "Tracked as CVE-2022-29799… twitter.com/i/web/status/1… 2022-04-27 08:18:35
Twitter Icon @moton CVE-2022-29799 & CVE-2022-29800: Linux Privilege Escalation Vulnerability - securityonline.info/cve-2022-29799… 2022-04-27 08:56:25
Twitter Icon @Dinosn CVE-2022-29799 & CVE-2022-29800: Linux Privilege Escalation Vulnerability securityonline.info/cve-2022-29799… 2022-04-27 09:14:11
Twitter Icon @d34dr4bbit CVE-2022-29799 & CVE-2022-29800: Linux Privilege Escalation Vulnerability aeternusmalus.wordpress.com/2022/04/27/cve… 2022-04-27 09:29:04
Twitter Icon @shah_sheikh Nimbuspwn bugs allow attackers to gain root privileges on some Linux machines (CVE-2022-29799, CVE-2022-29800): Mic… twitter.com/i/web/status/1… 2022-04-27 10:46:05
Twitter Icon @evanderburg Nimbuspwn bugs allow attackers to gain root privileges on some Linux machines (CVE-2022-29799, CVE-2022-29800)… twitter.com/i/web/status/1… 2022-04-27 10:46:07
Twitter Icon @PoseidonTPA Nimbuspwn bugs allow attackers to gain root privileges on some Linux machines (CVE-2022-29799, CVE-2022-29800)… twitter.com/i/web/status/1… 2022-04-27 10:52:03
Twitter Icon @helpnetsecurity Nimbuspwn bugs allow attackers to gain root privileges on some Linux machines - helpnetsecurity.com/2022/04/27/cve… -… twitter.com/i/web/status/1… 2022-04-27 10:52:06
Twitter Icon @cipherstorm Nimbuspwn bugs allow attackers to gain root privileges on some Linux machines (CVE-2022-29799, CVE-2022-29800): Mic… twitter.com/i/web/status/1… 2022-04-27 10:52:33
Twitter Icon @DeepFriedCyber Nimbuspwn bugs allow attackers to gain root privileges on some Linux machines (CVE-2022-29799, CVE-2022-29800)… twitter.com/i/web/status/1… 2022-04-27 10:55:09
Twitter Icon @test2v Nimbuspwn bugs allow attackers to gain root privileges on some Linux machines (CVE-2022-29799, CVE-2022-29800) -… twitter.com/i/web/status/1… 2022-04-27 11:01:34
Twitter Icon @eagerbeavertech thehackernews.com/2022/04/micros… On top of that, the defects - tracked as CVE-2022-29799 and CVE-2022-29800 - could also… twitter.com/i/web/status/1… 2022-04-27 11:03:34
Twitter Icon @IT_securitynews Nimbuspwn bugs allow attackers to gain root privileges on some Linux machines (CVE-2022-29799, CVE-2022-29800) itsecuritynews.info/nimbuspwn-bugs… 2022-04-27 11:13:37
Twitter Icon @Xc0resecurity Nimbuspwn bugs allow attackers to gain root privileges on some Linux machines (CVE-2022-29799, CVE-2022-29800) dlvr.it/SPKmD9 2022-04-27 11:21:03
Twitter Icon @joviannfeed Help Net Security | "Nimbuspwn bugs allow attackers to gain root privileges on some Linux machines (CVE-2022-29799,… twitter.com/i/web/status/1… 2022-04-27 11:28:10
Twitter Icon @netsecu helpnetsecurity.com/2022/04/27/cve… Nimbuspwn bugs allow attackers to gain root privileges on some Linux machines (CVE-2022-297… twitter.com/i/web/status/1… 2022-04-27 12:00:05
Twitter Icon @DonMalloy Nimbuspwn bugs allow attackers to gain root privileges on some Linux machines (CVE-2022-29799, CVE-2022-29800)… twitter.com/i/web/status/1… 2022-04-27 12:08:04
Twitter Icon @cyberreport_io Nimbuspwn bugs allow attackers to gain root privileges on some Linux machines (CVE-2022-29799, CVE-2022-29800) - He… twitter.com/i/web/status/1… 2022-04-27 12:17:34
Twitter Icon @nicoboettcher Nimbuspwn bugs allow attackers to gain root privileges on some Linux machines (CVE-2022-29799, CVE-2022-29800) buff.ly/3LlduBL 2022-04-27 12:21:51
Twitter Icon @CVEtrends Top 3 trending CVEs on Twitter Past 24 hrs: CVE-2022-29799: 1.8M (audience size) CVE-2022-29800: 1.8M CVE-2022-294… twitter.com/i/web/status/1… 2022-04-27 13:00:03
Twitter Icon @ProHoster_info Исследователи безопасности из компании Microsoft выявили две уязвимости (CVE-2022-29799, CVE-2022-29800) в сервис… twitter.com/i/web/status/1… 2022-04-27 13:38:05
Twitter Icon @Har_sia CVE-2022-29799 har-sia.info/CVE-2022-29799… #HarsiaInfo 2022-04-27 15:02:16
Twitter Icon @TychronC Tracked as CVE-2022-29799 and CVE-2022-29800, the Nimbuspwn security issues were discovered in networkd-dispatcher,… twitter.com/i/web/status/1… 2022-04-27 17:18:30
Twitter Icon @SecurityNewsbot Nimbuspwn bugs allow attackers to gain #root privileges on some #Linux machines (CVE-2022-29799,... helpnetsecurity.com/2022/04/27/cve… #HelpNetSecurity 2022-04-27 17:30:10
Twitter Icon @netalexx Nimbuspwn bugs allow attackers to gain root privileges on some Linux machines (CVE-2022-29799, CVE-2022-29800) helpnetsecurity.com/2022/04/27/cve… 2022-04-27 17:37:21
Twitter Icon @aluandalee CVE-2022-29800 e CVE-2022-29799. microsoft.com/security/blog/… 2022-04-27 17:39:30
Twitter Icon @HanjoLix Updates zum Fixen von CVE-2022-29799 CVE-2022-29800 finden... heise.de/-7067100 2022-04-27 18:16:16
Twitter Icon @rkx73 #CVE-2022-29799 #CVE-2022-29800 2 vulnerabilidades críticas en el sistema operativo Linux permiten instalar backdo… twitter.com/i/web/status/1… 2022-04-27 18:19:32
Twitter Icon @kalindey تكتشف Microsoft مجموعة من ثغرتين جديدتين لتصعيد امتيازات الجذر تؤثر على أنظمة Linux - تم تتبعهما كـ CVE-2022-29799… twitter.com/i/web/status/1… 2022-04-27 18:22:53
Twitter Icon @trentnovelly So will the CVE entries follow the usual Microsoft template? CVE-2022-29799: "linux elevation of privilege. This C… twitter.com/i/web/status/1… 2022-04-27 18:32:57
Twitter Icon @ptracesecurity CVE-2022-29799 & CVE-2022-29800: Linux Privilege Escalation Vulnerability securityonline.info/cve-2022-29799… #Pentesting… twitter.com/i/web/status/1… 2022-04-27 19:01:48
Twitter Icon @Whitehead4Jeff Nimbuspwn bugs allow attackers to gain root privileges on some Linux machines (CVE-2022-29799, CVE-2022-29800) helpnetsecurity.com/2022/04/27/cve… 2022-04-27 19:18:01
Twitter Icon @joho68 "Microsoft finds Linux desktop flaw that gives root to untrusted users" ? arstechnica.com/information-te… CVE-2022-29799… twitter.com/i/web/status/1… 2022-04-27 20:30:23
Twitter Icon @foxbook Nimbuspwnのバグにより、攻撃者は一部のLinuxマシンでroot権限を取得できます(CVE-2022-29799、CVE-2022-29800) helpnetsecurity.com/2022/04/27/cve… 2022-04-27 20:40:24
Twitter Icon @LanceSchukies Nimbuspwn bugs allow attackers to gain root privileges on some Linux machines (CVE-2022-29799, CVE-2022-29800) -… twitter.com/i/web/status/1… 2022-04-27 21:25:00
Twitter Icon @__motojiro__ これ、2つの脆弱性fixされている?ubuntuのcve tracker見たらneed triageってなってるけど... ubuntu.com/security/CVE-2… ubuntu.com/security/CVE-2… 2022-04-28 00:56:40
Twitter Icon @ipssignatures The vuln CVE-2022-29799 has a tweet created 0 days ago and retweeted 10 times. twitter.com/Dinosn/status/… #pow1rtrtwwcve 2022-04-28 02:06:00
Twitter Icon @troglod Vulnerabilidad: Nimbuspwn | CVE-2022-29799 y CVE-2022-29800 noticiasseguridad.com/vulnerabilidad… 2022-04-28 05:18:51
Twitter Icon @Decio_o_o ⚠️? CVE-2022-29799 CVE-2022-29800 Mise à jour recommandée vers la version 2.2 de networkd-dispatcher pour les dis… twitter.com/i/web/status/1… 2022-04-28 08:23:13
Twitter Icon @ciberconsejo [CVE-2022-29799 - CVE-2022-29800] Nimbuspwn, una vulnerabilidad en networkd-dispatcher que permite ejecutar comando… twitter.com/i/web/status/1… 2022-04-28 08:44:04
Twitter Icon @SocuraMDR Microsoft discovered vulnerabilities in the networkd-dispatcher daemon; CVE-2022-29799 and CVE-2022-29800 (Nimbuspw… twitter.com/i/web/status/1… 2022-04-28 11:28:20
Twitter Icon @ThreatMonIT Beyond that, vulnerabilities tracked as CVE-2022-29799 and CVE-2022-29800 can be used as root access to deploy soph… twitter.com/i/web/status/1… 2022-04-28 11:54:45
Twitter Icon @Myinfosecfeed New post: "nimbuspwn detector (CVE-2022-29799 & CVE-2022-29800) - check whether local system is possibly vulnerable" ift.tt/Vb8UdWP 2022-04-28 12:49:21
Twitter Icon @__seyyid__ #رشتو /4 با این منطق مهاجمین میتونن با استفاده از آسیب پذیری Directory traversal (CVE-2022-29799) ، اسکریپت های مسی… twitter.com/i/web/status/1… 2022-04-28 12:54:26
Twitter Icon @_r_netsec nimbuspwn detector (CVE-2022-29799 & CVE-2022-29800) - check whether local system is possibly vulnerable github.com/jfrog/nimbuspw… 2022-04-28 12:58:07
Twitter Icon @CybrXx0 nimbuspwn detector (CVE-2022-29799 & CVE-2022-29800) - check whether local system is possibly vulnerable via /r/net… twitter.com/i/web/status/1… 2022-04-28 12:59:29
Twitter Icon @AI89Hayate 【緊急】 Nimbuspwnなる危険な脆弱性が現われました。対策を施すまでお待ち下さい。 ubuntu.com/security/CVE-2… 2022-04-28 13:25:20
Twitter Icon @beingsheerazali nimbuspwn detector (CVE-2022-29799 & CVE-2022-29800) - check whether local system is possibly vulnerable… twitter.com/i/web/status/1… 2022-04-28 13:32:16
Twitter Icon @Har_sia CVE-2022-29799 har-sia.info/CVE-2022-29799… #HarsiaInfo 2022-04-28 15:03:09
Twitter Icon @helpnetsecurity Nimbuspwn bugs allow attackers to gain root privileges on some Linux machines - helpnetsecurity.com/2022/04/27/cve… -… twitter.com/i/web/status/1… 2022-04-28 17:30:13
Twitter Icon @netsecu socprime.com/blog/cve-2022-… CVE-2022-29799 and CVE-2022-29800 Detection: Novel Privilege Escalation Vulnerabilities in… twitter.com/i/web/status/1… 2022-04-28 18:15:04
Twitter Icon @JfersonVeiga2 CVE-2022-29799 2022-04-28 20:44:11
Twitter Icon @Pierozi ?#Nimbuspwn vulnerability Latest Linux #exploit to be root before lunchtime CVE-2022-29799 CVE-2022-29800 2022-04-28 20:52:22
Twitter Icon @SeYasashi CVE-2022-29799,CVE-2022-29800の修正パッケージがUbuntuでリリースされたか launchpad.net/ubuntu/+source… 2022-04-28 22:22:23
Twitter Icon @waiha8 “Nimbuspwn bugs allow attackers to gain root privileges on some Linux machines (CVE-2022-29799, CVE-2022-29800) - H… twitter.com/i/web/status/1… 2022-04-29 06:29:28
Twitter Icon @willysr2804 Luckily, Slackware is not affected by CVE-2022-29799 and CVE-2022-29800 aka Nimbuspwn 2022-04-29 07:40:13
Twitter Icon @SOC_Prime Microsoft researchers reveal novel #Nimbuspwn #vulnerabilities CVE-2022-29799 and CVE-2022-29800 on #Linux systems.… twitter.com/i/web/status/1… 2022-04-29 08:55:56
Twitter Icon @edkedris novel #Nimbuspwn #vulnerabilities CVE-2022-29799 and CVE-2022-29800 on #Linux systems. twitter.com/edkedris/statu… 2022-04-29 09:17:08
Twitter Icon @ipssignatures The vuln CVE-2022-29799 has a tweet created 0 days ago and retweeted 10 times. twitter.com/_r_netsec/stat… #pow1rtrtwwcve 2022-04-29 10:06:01
Twitter Icon @vitinhlugia Nhóm Nghiên cứu Bộ bảo vệ Microsoft 365 đã phát hiện ra các lỗ hổng được theo dõi là CVE-2022-29799 và CVE-2022-29800. 2022-04-29 14:02:36
Twitter Icon @Har_sia CVE-2022-29799 har-sia.info/CVE-2022-29799… #HarsiaInfo 2022-04-29 15:03:46
Twitter Icon @Har_sia CVE-2022-29799 har-sia.info/CVE-2022-29799… #HarsiaInfo 2022-04-29 18:24:17
Twitter Icon @Dinosn nimbuspwn detector (CVE-2022-29799 & CVE-2022-29800) - check whether local system is possibly vulnerable reddit.com/r/netsec/comme… 2022-04-29 20:24:12
Twitter Icon @jw4lsec KQL/MDE query for hunting #nimbuspwn (CVE-2022-29799 and CVE-2022-29800). Focuses on the networkd-dispatcher proces… twitter.com/i/web/status/1… 2022-04-29 20:50:11
Twitter Icon @beingsheerazali nimbuspwn detector (CVE-2022-29799 & CVE-2022-29800) - check whether local system is possibly vulnerable reddit.com/r/netsec/comme… Dinosn 2022-04-30 02:13:59
Twitter Icon @CKsTechNews Nimbuspwn detector - Script to check against CVE-2022-29799 & CVE-2022-29800 Project github.com/jfrog/nimbuspw… https://t.co/VBt8wc8ZxW 2022-04-30 15:33:05
Twitter Icon @malwaresick Nimbuspwn bugs allow attackers to gain root privileges on some Linux machines (CVE-2022-29799, CVE-2022-29800)… twitter.com/i/web/status/1… 2022-04-30 17:04:00
Twitter Icon @s_adachi Good summary of CVE-2022-29799 and CVE-2022-29800, vulnerabilities on Linux found by Microsoft. lnkd.in/eTkMZZim 2022-04-30 21:55:46
Twitter Icon @jackfusion helpnetsecurity.com/2022/04/27/cve… 2022-05-01 00:01:25
Twitter Icon @Decio_o_o mise à niveau de networkd-dispatcher effectuée dans les repos d'Ubuntu: ubuntu.com/security/CVE-2…twitter.com/i/web/status/1… 2022-05-02 07:04:42
Twitter Icon @secalertsasia Nimbuspwn bugs allow attackers to gain root privileges on some Linux machines (CVE-2022-29799, CVE-2022-29800) - He… twitter.com/i/web/status/1… 2022-05-02 08:38:15
Twitter Icon @rushisec My exploit script for Nimbuspwn (CVE-2022-29799/CVE-2022-29800) has been released and is available below. Method fo… twitter.com/i/web/status/1… 2022-05-03 09:07:04
Twitter Icon @jhl128 Nimbuspwn. Chainging two vulnerabilities together to gain root privileges on Linux systems: CVE-2022-29799 (Directo… twitter.com/i/web/status/1… 2022-05-04 00:38:44
Twitter Icon @ashokkrishna99 fourcore.io/blogs/nimbuspw… 2022-05-04 11:04:39
Twitter Icon @Lulztigre fourcore.io/blogs/nimbuspw… https://t.co/Tg9RLQAtDF 2022-05-04 11:27:44
Twitter Icon @Attackerkb_Bot A new #attackerkb assesment on 'CVE-2022-29799' has been created by rbowes-r7. Attacker Value: 1 | Exploitability: 1 attackerkb.com/assessments/ef… 2022-05-04 22:45:41
Twitter Icon @IgorOs6 Nimbuspwn bugs allow attackers to gain root privileges on some Linux machines (CVE-2022-29799, CVE-2022-29800) - He… twitter.com/i/web/status/1… 2022-05-13 17:04:07
Twitter Icon @web4x4_es Nimbuspwn bugs allow attackers to gain root privileges on some Linux machines (CVE-2022-29799, CVE-2022-29800)… twitter.com/i/web/status/1… 2022-05-16 10:13:09
Twitter Icon @auser @hakluke securityonline.info/cve-2022-29799… not tooooo old 2022-05-18 11:12:44
Twitter Icon @techadversary nimbuspwn detector (CVE-2022-29799 & CVE-2022-29800) - check whether local system is possibly vulnerable… twitter.com/i/web/status/1… 2022-06-11 21:45:33
Twitter Icon @CVEreport CVE-2022-29799 : A vulnerability was found in networkd-dispatcher. This flaw exists because no functions are saniti… twitter.com/i/web/status/1… 2022-09-21 19:07:58
Reddit Logo Icon /r/netsec nimbuspwn detector (CVE-2022-29799 & CVE-2022-29800) - check whether local system is possibly vulnerable 2022-04-28 12:43:41
Reddit Logo Icon /r/SecOpsDaily [CVE-2022-29799 / CVE-2022-29800] nimbuspwn detection tool released by jfrog 2022-04-29 06:08:39
Reddit Logo Icon /r/programming Nimbuspwn bugs allow attackers to gain root privileges on some Linux machines (CVE-2022-29799, CVE-2022-29800) - Help Net Security 2022-04-29 17:04:00
Reddit Logo Icon /r/netcve CVE-2022-29799 2022-09-21 20:38:48
© CVE.report 2022 Twitter Nitter Twitter Viewer |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

CVE.report and Source URL Uptime Status status.cve.report