CVE-2022-23748
Published: 17 November 2022
Summary
CVE-2022-23748 is a high-severity Process Control (CWE-114) vulnerability in Audinate Dante Application Library. Its CVSS base score is 7.8 (High).
Operationally, ranked in the top 6.6% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-3 (Malicious Code Protection) and SI-7 (Software, Firmware, and Information Integrity).
Deeper analysis
mDNSResponder.exe, a component of Audinate's Dante Discovery software, is vulnerable to DLL sideloading because the executable does not properly specify the DLL search path, folder, or loading conditions. The flaw is tracked as CVE-2022-23748 with a CVSS 3.1 score of 7.8 and is associated with CWE-114 and CWE-426.
An attacker with the ability to place a malicious DLL in a location that mDNSResponder.exe will load can execute arbitrary code with the privileges of the legitimate process. Exploitation requires local access and user interaction to trigger the executable, after which the attacker can achieve full confidentiality, integrity, and availability impact on the affected system.
Audinate has published guidance addressing the Dante Discovery mDNSResponder.exe issue, while Check Point researchers have published technical details on the sideloading vector. The vulnerability appears in CISA's Known Exploited Vulnerabilities catalog, confirming real-world exploitation activity.
EPSS scores have remained in a narrow band near 0.10 with a recorded peak of 0.1174, indicating moderate and relatively stable exploitation interest since disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-28684
Vulnerability details
mDNSResponder.exe is vulnerable to DLL Sideloading attack. Executable improperly specifies how to load the DLL, from which folder and under what conditions. In these scenarios, a malicious attacker could be using the valid and legitimate executable to load malicious files.
- CWE(s)
- KEV Date Added
- 06 February 2025
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly blocks loading of the attacker-supplied malicious DLL by mDNSResponder.exe through malicious-code detection and prevention mechanisms.
Verifies integrity of DLLs before mDNSResponder.exe loads them, detecting unauthorized or tampered files placed in searched directories.
Enforces access-control policy on directories in the DLL search path so that unprivileged users cannot write the malicious DLL that the executable will load.