CVE-2022-31199 added to CISA KEV: Netwrix Auditor
Status: ✅ Confirmed exploited in the wild
Date added: 2023-07-11
Required action: Apply updates per vendor instructions or discontinue use of the product if updates are unavailable.
Due date: 2023-08-01
Why this matters
Netwrix Auditor User Activity Video Recording component contains an insecure objection deserialization vulnerability that allows an unauthenticated, remote attacker to execute code as the NT AUTHORITY\SYSTEM user. Successful exploitation requires that the attacker is able to reach port 9004/TCP, which is commonly blocked by standard enterprise firewalling.
Sources
Lyrie Verdict
Lyrie's autonomous detection layer catches active exploitation primitives at machine speed — closing the gap between disclosure and weaponization that traditional defense simply can't cover.