.svg){kind=icon}
Netwrix Auditor 
Netwrix Change Tracker 
Netwrix Data Classification 
Netwrix Enterprise Auditor 
Netwrix GroupID 
Netwrix Password Policy Enforcer 
Netwrix Password Secure 
Netwrix Password Reset 
Netwrix PolicyPak 
Netwrix Privilege Secure 
Netwrix Recovery for Active Directory 
Netwrix StealthINTERCEPT 
Netwrix Threat Manager 
Netwrix Usercube 
Netwrix Strongpoint 
Netwrix 1Secure for MSPs 
Frisco, Texas, July 6, 2023
Netwrix Statement on CVE-2022-31199
We are again advising all Netwrix Auditor customers to upgrade to version 10.5.10977.0
Netwrix, a cybersecurity vendor that makes data security easy, in response to CISA’s Cybersecurity Advisory (CSA) of July 6, 2023, is again advising all Netwrix Auditor customers to upgrade to version 10.5.10977.0 and to ensure that no Netwrix Auditor systems are exposed to the internet.
These remediation steps address a vulnerability (CVE-2022-31199) in earlier versions of Netwrix Auditor. This vulnerability may permit an attacker to execute arbitrary code on a Netwrix Auditor system that is exposed to the internet, contrary to deployment best practices. While customers whose Netwrix Auditor systems are not exposed to the internet are at low risk, all customers should upgrade to version 10.5.10977.0. Customers whose Netwrix Auditor systems are exposed to the internet should prevent access from the internet without delay.
The following is an overview of the history of the issue:
On June 6, 2022, Netwrix released version 10.5.10936.0 of Netwrix Auditor, which included a remediation for CVE-2022-31199, published a security advisory and notified customers to update Netwrix Auditor as soon as possible. Netwrix also advised customers to follow the best practice, of not exposing Netwrix Auditor systems to the internet.
On October 27, 2022, Netwrix released Netwrix Auditor version 10.5.10977.0 to address additional vectors of exploitation that were discovered during an internal security review. Customers were advised to upgrade to this version.
At this time, Netwrix also learned of the first known attempt by a threat actor to exploit CVE-2022-31199 in a customer’s environment. The available evidence suggests that all the compromised systems were exposed to the internet. Netwrix promptly updated the security advisory to include the indicators of compromise (IOCs) collected by the customer and notified all other customers, consistent with best security practices. On December 12, 2022, Netwrix updated the advisory to reflect additional evidence of the same threat actor’s attempts to exploit the vulnerability.
about netwrix corporation
Netwrix makes data security easy. Since 2006, Netwrix solutions have been simplifying the lives of security professionals by enabling them to identify and protect sensitive data to reduce the risk of a breach, and to detect, respond to and recover from attacks, limiting their impact. More than 13,500 organizations worldwide rely on Netwrix solutions to strengthen their security and compliance posture across all three primary attack vectors: data, identity and infrastructure.
For more information, visit www.netwrix.com.
contact us
Your questions and feedback are always welcome. Please dial our toll-free number: 888 - 638 - 9749, or enter your question details here and we will reply as soon as possible.
Media contact
Erin Jones, Avista PR for Netwrix
Phone: 704 - 664 - 2170