CVE-2022-26924
Published: 15 April 2022
Summary
CVE-2022-26924 is a high-severity vulnerability of unspecified weakness type in Microsoft Yet Another Reverse Proxy (YARP). Its CVSS base score is 7.5 (High).
Operationally, it is ranked in the top 7.8% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
Deeper analysis
CVE-2022-26924 is a denial of service vulnerability affecting YARP, rated at CVSS 7.5 under the vector AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. The weakness permits remote interference with service availability while requiring no credentials or user interaction.
An unauthenticated attacker positioned on the network can trigger the flaw to produce a high impact on the availability of the affected YARP component. No information is supplied on specific attack primitives or prerequisites beyond the CVSS metrics.
Microsoft Security Response Center guidance for the issue is published at the listed references and addresses available updates or configuration changes. The associated EPSS values remain low, with a recorded peak of 0.0968 and a current score of 0.0793.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-1683
Vulnerability details
YARP Denial of Service Vulnerability
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.