CVE-2022-31199 — Netwrix Auditor

known ransomware use

Netwrix Auditor Insecure Object Deserialization Vulnerability

Added to KEV

2023-07-11

Federal due date

2023-08-01

Vendor

Netwrix

Product

Auditor

EPSS

90.7th percentile (score 0.059, as of 2026-06-08)

NVD CVSS v3.1

—

Ransomware use

Known

Upstream

https://nvd.nist.gov/vuln/detail/CVE-2022-31199

CISA short description

Netwrix Auditor User Activity Video Recording component contains an insecure objection deserialization vulnerability that allows an unauthenticated, remote attacker to execute code as the NT AUTHORITY\SYSTEM user. Successful exploitation requires that the attacker is able to reach port 9004/TCP, which is commonly blocked by standard enterprise firewalling.

Required action

Apply updates per vendor instructions or discontinue use of the product if updates are unavailable.

EPSS percentile is the FIRST.org exploit-probability ranking as of the date noted above; it moves daily. CVSS reflects NVD's analysis at time of publication.