Cyber Resilience

CVE-2022-23748

HighCISA KEVActive ExploitationEUVD ExploitedLPE

Published: 17 November 2022

Published
17 November 2022
Modified
24 October 2025
KEV Added
06 February 2025
Patch
CVSS Score v3.1 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score 0.1034 93.4th percentile
Risk Priority 42 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2022-23748 is a high-severity Process Control (CWE-114) vulnerability in Audinate Dante Application Library. Its CVSS base score is 7.8 (High).

Operationally, ranked in the top 6.6% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-3 (Malicious Code Protection) and SI-7 (Software, Firmware, and Information Integrity).

Deeper analysis

mDNSResponder.exe, a component of Audinate's Dante Discovery software, is vulnerable to DLL sideloading because the executable does not properly specify the DLL search path, folder, or loading conditions. The flaw is tracked as CVE-2022-23748 with a CVSS 3.1 score of 7.8 and is associated with CWE-114 and CWE-426.

An attacker with the ability to place a malicious DLL in a location that mDNSResponder.exe will load can execute arbitrary code with the privileges of the legitimate process. Exploitation requires local access and user interaction to trigger the executable, after which the attacker can achieve full confidentiality, integrity, and availability impact on the affected system.

Audinate has published guidance addressing the Dante Discovery mDNSResponder.exe issue, while Check Point researchers have published technical details on the sideloading vector. The vulnerability appears in CISA's Known Exploited Vulnerabilities catalog, confirming real-world exploitation activity.

EPSS scores have remained in a narrow band near 0.10 with a recorded peak of 0.1174, indicating moderate and relatively stable exploitation interest since disclosure.

EU & UK References

Vulnerability details

mDNSResponder.exe is vulnerable to DLL Sideloading attack. Executable improperly specifies how to load the DLL, from which folder and under what conditions. In these scenarios, a malicious attacker could be using the valid and legitimate executable to load malicious files.

CWE(s)
KEV Date Added
06 February 2025

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

audinate
dante application library
≤ 1.2.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly blocks loading of the attacker-supplied malicious DLL by mDNSResponder.exe through malicious-code detection and prevention mechanisms.

prevent

Verifies integrity of DLLs before mDNSResponder.exe loads them, detecting unauthorized or tampered files placed in searched directories.

prevent

Enforces access-control policy on directories in the DLL search path so that unprivileged users cannot write the malicious DLL that the executable will load.

References