CVE-2022-23410

7.8 HIGH

📋 TL;DR

CVE-2022-23410 is a DLL hijacking vulnerability in AXIS IP Utility that allows attackers to execute arbitrary code with elevated privileges. It affects users running vulnerable versions of AXIS IP Utility on Windows systems. Attackers can exploit this by placing malicious DLLs in the same directory as IPUtility.exe.

💻 Affected Systems

Products:
  • AXIS IP Utility
Versions: All versions before 4.18.0
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Requires Windows OS and ability to place DLLs in IPUtility.exe directory.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Full system compromise with SYSTEM/administrator privileges, enabling complete control over affected systems, data theft, and lateral movement.

🟠 Likely Case: Local privilege escalation leading to unauthorized administrative access on the compromised system.

🟢 If Mitigated: Limited impact with proper access controls preventing unauthorized file placement in application directories.

🌐 Internet-Facing: LOW - Requires local access or ability to place files in specific directories.
🏢 Internal Only: MEDIUM - Internal attackers with basic access could exploit for privilege escalation.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Requires ability to place malicious DLL in application directory before execution.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 4.18.0 and later

Vendor Advisory: https://www.axis.com/files/tech_notes/CVE-2022-23410.pdf

Restart Required: Yes

Instructions:

1. Download AXIS IP Utility 4.18.0 or later from the official AXIS website.
2. Uninstall the previous version.
3. Install the new version.
4. Restart the system.

🔧 Temporary Workarounds

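Restrict directory permissions (Windows)

Set strict permissions on the IPUtility.exe directory to prevent unauthorized file creation. The deny entry below applies to Everyone, which includes administrators and SYSTEM, so remove it before installing the fixed version.

icacls "C:\Program Files\AXIS\IP Utility" /deny Everyone:(OI)(CI)(W)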

Use application whitelisting (Windows)

Implement application control to prevent execution of unauthorized DLLs.

🧯 If You Can't Patch

  • Remove or restrict execute permissions for non-admin users on IPUtility.exe
  • Monitor for suspicious DLL files in AXIS IP Utility directories

🔍 How to Verify

Check if Vulnerable:

Check the AXIS IP Utility version in Help > About. If the version is below 4.18.0, the system is vulnerable.

Check Version:

Not applicable - check via GUI Help > About menu

Verify Fix Applied:

Verify installed version is 4.18.0 or higher in Help > About menu.
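
The checks described above (installed version, who can create files next to IPUtility.exe, and which DLLs sit in that directory) can be scripted. This PowerShell audit is an added example, not vendor code; it assumes the install path from the icacls workaround and that the executable's product version resource matches what Help > About shows.

```powershell
# Added example (not vendor code). $InstallDir is assumed from the icacls workaround path.
param([string]$InstallDir = 'C:\Program Files\AXIS\IP Utility')

$exe = Join-Path $InstallDir 'IPUtility.exe'
if (-not (Test-Path -LiteralPath $exe)) { throw "IPUtility.exe not found in '$InstallDir'" }

# 1. Version. Assumption: the product version resource matches Help > About.
$vi = (Get-Item -LiteralPath $exe).VersionInfo
$installed = [version]('{0}.{1}.{2}' -f $vi.ProductMajorPart, $vi.ProductMinorPart, $vi.ProductBuildPart)

# 2. ACL. List Allow entries that let anyone other than SYSTEM, Administrators,
#    CREATOR OWNER or TrustedInstaller create or write files in the directory.
$trustedSids = 'S-1-5-18', 'S-1-5-32-544', 'S-1-3-0',
               'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'
# WriteData/AppendData plus the raw GENERIC_WRITE and GENERIC_ALL bits (0x50000000).
$writeBits = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData' -bor 0x50000000
$sidType = [System.Security.Principal.SecurityIdentifier]
$writers = (Get-Acl -LiteralPath $InstallDir).GetAccessRules($true, $true, $sidType) |
    Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        ([int]$_.FileSystemRights -band $writeBits) -ne 0 -and
        $trustedSids -notcontains $_.IdentityReference.Value
    } |
    ForEach-Object {
        [pscustomobject]@{ Sid = $_.IdentityReference.Value; Rights = $_.FileSystemRights }
    }

# 3. DLLs beside the executable, with Authenticode status and last write time.
$dlls = Get-ChildItem -LiteralPath $InstallDir -Filter '*.dll' -File |
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName
        [pscustomobject]@{
            Name      = $_.Name
            Written   = $_.LastWriteTime
            Signature = $sig.Status
            Signer    = $sig.SignerCertificate.Subject
        }
    }

# Summary object: anything in NonAdminWriters or DllsToReview needs a manual look.
[pscustomobject]@{
    InstalledVersion  = $installed
    BelowFixedVersion = $installed -lt [version]'4.18.0'
    NonAdminWriters   = $writers
    DllsToReview      = $dlls | Where-Object { $_.Signature -ne 'Valid' }
}
```

A DLL listed under DllsToReview is not necessarily malicious; compare it against a known-good install of the same version before acting on it.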

📡 Detection & Monitoring

Log Indicators:

  • Unusual DLL loading events from AXIS IP Utility directories
  • Process creation events for IPUtility.exe with unexpected parent processes

Network Indicators:

  • Unusual outbound connections from IPUtility.exe process

SIEM Query:

Process Name="IPUtility.exe" AND (Image Loaded="*.dll" FROM "C:\Users\*\*" OR Image Loaded="*.dll" FROM "C:\Temp\*")
