VDB
CVE-2023-35631
CVE-2023-35631
PUBLISHED
In verschiedenen Versionen von Microsoft Windows und Microsoft Windows Server existieren mehrere zum Teil nicht genauer beschriebene Schwachstellen. Ein Angreifer kann diese Schwachstellen ausnutzen, um DNS Informationen zu fälschen, um Informationen offenzulegen, um einen Denial of Service Zustand herbeizuführen, um Code auszuführen und um Systemrechte zu erlangen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich.
EPSS 1.57% · 81.9th percentile
Risk Scores
EPSS Score
1.57%
81.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Microsoft Windows Server 2016 | |
| Hitachi | Hitachi Storage | |
| Microsoft | Microsoft Windows 10 Version 21H2 | |
| Microsoft | Microsoft Windows 11 Version 23H2 | |
| Microsoft | Microsoft Windows Server 2022 | |
| Microsoft | Microsoft Windows Server 2012 R2 | |
| Microsoft | Microsoft Windows 10 | |
| Microsoft | Microsoft Windows 11 Version 21H2 | |
| Microsoft | Microsoft Windows 10 Version 1607 | |
| Microsoft | Microsoft Windows Server 2008 R2 SP1 | |
| Microsoft | Microsoft Windows Server 2022 23H2 Edition | |
| Microsoft | Microsoft Windows Server 2019 | |
| Microsoft | Microsoft Windows 10 Version 22H2 | |
| Microsoft | Microsoft Windows 10 Version 1809 | |
| Microsoft | Microsoft Windows Server 2008 SP2 | |
| Microsoft | Microsoft Windows Server 2012 | |
| Microsoft | Microsoft Windows 11 Version 22H2 |
Exploit Intelligence
- https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1 (msrc)
- CIRCL seen: CVE-2023-20588 (circl-sighting)
- https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7007 (circl)
- https://www.debian.org/security/2023/dsa-5480 (circl)
- https://www.debian.org/security/2023/dsa-5492 (circl)
- http://www.openwall.com/lists/oss-security/2023/09/25/3 (circl)
- http://www.openwall.com/lists/oss-security/2023/09/25/4 (circl)
- http://xenbits.xen.org/xsa/advisory-439.html (circl)
- http://www.openwall.com/lists/oss-security/2023/09/25/5 (circl)
- http://www.openwall.com/lists/oss-security/2023/09/25/8 (circl)
…and 246 more exploits
Timeline
- Dec 4, 2023 PoC Published
- Dec 12, 2023 CVE Published
- Dec 13, 2023 EPSS Score
- Dec 13, 2023 PoC Published
- Dec 18, 2023 PoC Published
- Jan 11, 2024 EPSS Score
- Feb 10, 2024 EPSS Score
- Mar 1, 2024 PoC Published
- Apr 8, 2024 EPSS Score
- May 7, 2024 EPSS Score
- Jun 6, 2024 EPSS Score
- Jul 5, 2024 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-3137.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-3137 advisory
- https://msrc.microsoft.com/update-guide advisory
- https://m417z.com/Privilege-escalation-using-the-XAML-diagnostics-API-CVE-2023-36003/ advisory
- https://www.hitachi.com/products/it/storage-solutions/sec_info/2023/12.html advisory