CVE-2022-34721

CRITICAL EXPLOITED IN THE WILD

Windows Internet Key Exchange (IKE) Protocol Extensions - Remote Code Execution

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2022-34721 has been observed exploited in the wild (reported by VulnCheck KEV, InTheWild.io). EIP tracks 1 public exploit from researchers including 78ResearchLab.

AI-analyzed exploit summary The repository contains a functional PoC for CVE-2022-21849, a stack buffer overflow in Windows IKE Extension due to improper handling of VendorID payloads. The exploit sends a crafted IKEv2 packet with an oversized VendorID to trigger the vulnerability.

Description

Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability

Exploits (1)

patchapalooza WORKING POC
by 78ResearchLab · dos
https://github.com/78ResearchLab/PoC

The repository contains a functional PoC for CVE-2022-21849, a stack buffer overflow in Windows IKE Extension due to improper handling of VendorID payloads. The exploit sends a crafted IKEv2 packet with an oversized VendorID to trigger the vulnerability.

Classification
Working Poc 95%
Attack Type
Dos
Complexity
Moderate
Reliability
Reliable
Target: Windows IKE Extension (IKEXT.dll)
No auth needed
Prerequisites: Network access to target's IKE service (UDP port 500) · Scapy library for packet crafting
devstral-2 · analyzed Feb 23, 2026 Full analysis →

References (1)

Core 1
Core References

Scores

CVSS v3 9.8
EPSS 0.2660
EPSS Percentile 96.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Details

VulnCheck KEV 2022-11-25
InTheWild.io 2022-11-28
Status published
Products (17)
microsoft/windows_10
microsoft/windows_10 20h2
microsoft/windows_10 21h1
microsoft/windows_10 21h2
microsoft/windows_10 1607
microsoft/windows_10 1809
microsoft/windows_11 (2 CPE variants)
microsoft/windows_7
microsoft/windows_8.1
microsoft/windows_rt_8.1
... and 7 more
Published Sep 13, 2022
Tracked Since Feb 18, 2026