CVE-2022-29799

MEDIUM

Microsoft Windows Defender For Endpoint - Path Traversal

Title source: rule

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-29799. PoCs published by joshuavanderpoll.

AI-analyzed exploit summary This repository contains a functional exploit for CVE-2022-29799 and CVE-2022-29800, which involve a path traversal vulnerability and a symlink TOCTOU race condition in networkd-dispatcher. The exploit allows an unprivileged local user to escalate privileges to root by manipulating the OperationalState property via D-Bus and exploiting a race condition in script execution.

Description

A vulnerability was found in networkd-dispatcher. This flaw exists because no functions are sanitized by the OperationalState or the AdministrativeState of networkd-dispatcher. This attack leads to a directory traversal to escape from the “/etc/networkd-dispatcher” base directory.

Exploits (1)

nomisec WORKING POC 1 stars

by joshuavanderpoll · poc

https://github.com/joshuavanderpoll/NimbusPWN-CVE-2022-29799-29800

View Code ZIP pw:eip

This repository contains a functional exploit for CVE-2022-29799 and CVE-2022-29800, which involve a path traversal vulnerability and a symlink TOCTOU race condition in networkd-dispatcher. The exploit allows an unprivileged local user to escalate privileges to root by manipulating the OperationalState property via D-Bus and exploiting a race condition in script execution.

Classification

Working Poc 100%

Attack Type

Lpe

Complexity

Moderate

Reliability

Racy

Target: networkd-dispatcher < 2.1

No auth needed

Prerequisites: Local access to the system · D-Bus system bus access · networkd-dispatcher version < 2.1

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1548 - Abuse Elevation Control Mechanism

devstral-2 · analyzed Jun 18, 2026 Full analysis →

References (1)

Core 1

Core References

Exploit, Patch, Technical Description, Vendor Advisory x_refsource_misc

https://www.microsoft.com/security/blog/2022/04/26/microsoft-finds-new-elevation-of-privilege-linux-vulnerability-nimbuspwn/

Scores

CVSS v3 5.5

EPSS 0.1176

EPSS Percentile 95.5%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-22

Status published

Products (1)

microsoft/windows_defender_for_endpoint

Published Sep 21, 2022

Tracked Since Feb 18, 2026