CVE-2022-24491

CRITICAL

Windows Network File System < - RCE

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-24491. PoCs published by corelight.

AI-analyzed exploit summary This repository provides a Zeek detector for CVE-2022-24491, which monitors for RPC portmap set and dump actions indicative of exploitation attempts. It includes example logs and testing scripts but does not contain exploit code.

Description

Windows Network File System Remote Code Execution Vulnerability

Exploits (1)

nomisec WRITEUP 3 stars

by corelight · poc

https://github.com/corelight/CVE-2022-24491

View Code ZIP pw:eip

This repository provides a Zeek detector for CVE-2022-24491, which monitors for RPC portmap set and dump actions indicative of exploitation attempts. It includes example logs and testing scripts but does not contain exploit code.

Classification

Writeup 90%

Attack Type

Other

Complexity

Trivial

Reliability

Reliable

Target: Zeek (network security monitor)

No auth needed

Prerequisites: Zeek installation · Network traffic with RPC portmap activity

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Vendor Advisory vendor-advisory

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24491

Scores

CVSS v3 9.8

EPSS 0.3383

EPSS Percentile 98.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

Status published

Products (16)

microsoft/windows_10

microsoft/windows_10 20h2

microsoft/windows_10 21h1

microsoft/windows_10 21h2

microsoft/windows_10 1607

microsoft/windows_10 1809

microsoft/windows_10 1909

microsoft/windows_11 (2 CPE variants)

microsoft/windows_8.1

microsoft/windows_rt_8.1

... and 6 more

Published Apr 15, 2022

Tracked Since Feb 18, 2026