7.8
CVE-2023-36424
- EPSS 12.18%
- Veröffentlicht 14.11.2023 18:15:45
- Zuletzt bearbeitet 14.04.2026 14:44:43
- Quelle secure@microsoft.com
- CVE-Watchlists
- Unerledigt
Windows Common Log File System Driver Elevation of Privilege Vulnerability
Windows Common Log File System Driver Elevation of Privilege Vulnerability
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Microsoft ≫ Windows 10 1507 HwPlatformx64 Version < 10.0.10240.20308
Microsoft ≫ Windows 10 1507 HwPlatformx86 Version < 10.0.10240.20308
Microsoft ≫ Windows 10 1607 HwPlatformx64 Version < 10.0.14393.6452
Microsoft ≫ Windows 10 1607 HwPlatformx86 Version < 10.0.14393.6452
Microsoft ≫ Windows 10 1809 HwPlatformarm64 Version < 10.0.17763.5122
Microsoft ≫ Windows 10 1809 HwPlatformx64 Version < 10.0.17763.5122
Microsoft ≫ Windows 10 1809 HwPlatformx86 Version < 10.0.17763.5122
Microsoft ≫ Windows 10 21h2 Version < 10.0.19044.3693
Microsoft ≫ Windows 10 22h2 Version < 10.0.19045.3693
Microsoft ≫ Windows 11 21h2 Version < 10.0.22000.2600
Microsoft ≫ Windows 11 22h2 Version < 10.0.22621.2715
Microsoft ≫ Windows 11 23h2 Version < 10.0.22631.2715
Microsoft ≫ Windows Server 2008 Version- Updatesp2 HwPlatformx64
Microsoft ≫ Windows Server 2008 Version- Updatesp2 HwPlatformx86
Microsoft ≫ Windows Server 2008 Versionr2 Updatesp1 HwPlatformx64
Microsoft ≫ Windows Server 2012 Version-
Microsoft ≫ Windows Server 2012 Versionr2
Microsoft ≫ Windows Server 2016 Version < 10.0.14393.6452
Microsoft ≫ Windows Server 2019 Version < 10.0.17763.5122
Microsoft ≫ Windows Server 2022 Version < 10.0.20348.2091
Microsoft ≫ Windows Server 2022 23h2 Version < 10.0.25398.531
13.04.2026: CISA Known Exploited Vulnerabilities (KEV) Catalog
Microsoft Windows Out-of-Bounds Read Vulnerability
SchwachstelleMicrosoft Windows Common Log File System Driver contains an out-of-bounds read vulnerability that could allow a threat actor for privileges escalation
BeschreibungApply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Erforderliche Maßnahmen| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 12.18% | 0.956 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| secure@microsoft.com | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-125 Out-of-bounds Read
The product reads data past the end, or before the beginning, of the intended buffer.
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36424
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-36424