Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cisa_kevCISACISA-KEV-CVE-2023-28252
HistoryApr 11, 2023 - 12:00 a.m.

Microsoft Windows Common Log File System (CLFS) Driver Privilege Escalation Vulnerability

2023-04-1100:00:00
CISA
www.cisa.gov
46
microsoft windows
clfs
driver
privilege escalation
vulnerability

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.021

Percentile

89.4%

JSON

Microsoft Windows Common Log File System (CLFS) driver contains an unspecified vulnerability that allows for privilege escalation.

Related

cve 1
mscve 1
attackerkb 1
githubexploit 4
zdt 1
prion 1
metasploit 1
hivepro 1
nvd 1
vulnrichment 1
cvelist 1
packetstorm 1
securelist 10
wizblog 1
qualysblog 4
talosblog 2
thn 2
avleonov 2
krebs 1
malwarebytes 1
trellix 2
rapid7blog 3
mskb 15
nessus 11
openvas 8
kaspersky 2
cve
cve
CVE-2023-28252
2023-04-11 21:15:25
mscve
mscve
Windows Common Log File System Driver Elevation of Privilege Vulnerability
2023-04-11 07:00:00
attackerkb
attackerkb
CVE-2023-28252
2023-04-11 00:00:00
githubexploit
githubexploit
Exploit for Heap-based Buffer Overflow in Microsoft
2024-01-22 10:38:02
Exploit for Heap-based Buffer Overflow in Microsoft
2023-06-27 12:22:05
Exploit for Heap-based Buffer Overflow in Microsoft
2024-01-01 15:30:33
zdt
zdt
Windows Common Log File System Driver (clfs.sys) Privilege Escalation Exploit
2023-09-14 00:00:00
prion
prion
Privilege escalation
2023-04-11 21:15:00
metasploit
metasploit
Windows Common Log File System Driver (clfs.sys) Elevation of Privilege Vulnerability
2023-07-28 07:43:37
hivepro
hivepro
Cybercrime group exploits zero-day on Windows servers to deploy Nokoyawa ransomware
2023-04-12 11:17:33
nvd
nvd
CVE-2023-28252
2023-04-11 21:15:25
vulnrichment
vulnrichment
CVE-2023-28252 Windows Common Log File System Driver Elevation of Privilege Vulnerability
2023-04-11 19:13:51
cvelist
cvelist
CVE-2023-28252 Windows Common Log File System Driver Elevation of Privilege Vulnerability
2023-04-11 19:13:51
packetstorm
packetstorm
Windows Common Log File System Driver (clfs.sys) Privilege Escalation
2023-09-14 00:00:00
securelist
securelist
IT threat evolution in Q2 2023
2023-08-30 10:00:05
Windows CLFS and five exploits used by ransomware operators (Exploit #5 – CVE-2023-28252)
2023-12-21 10:00:01
Nokoyawa ransomware attacks with Windows zero-day
2023-04-11 17:36:20
wizblog
wizblog
Microsoft April 2023 Patch Tuesday Highlights: everything you need to know
2023-04-13 19:20:20
qualysblog
qualysblog
Combine Qualys TruRisk™ and MITRE ATT&CK to Adopt Threat-Informed Defense to Reduce Risk
2024-03-25 15:44:18
Qualys Survey of Top 10 Exploited Vulnerabilities in 2023
2023-09-26 13:04:00
2023 Threat Landscape Year in Review: If Everything Is Critical, Nothing Is
2023-12-19 15:00:00
talosblog
talosblog
Threat Source newsletter (April 13, 2023) — Dark web forum whac-a-mole
2023-04-13 18:00:40
Microsoft Patch Tuesday for April 2023 — Snort rules and prominent vulnerabilities
2023-04-11 19:28:27
thn
thn
Carbanak Banking Malware Resurfaces with New Ransomware Tactics
2023-12-26 07:26:00
Urgent: Microsoft Issues Patches for 97 Flaws, Including Active Ransomware Exploit
2023-04-12 06:38:00
avleonov
avleonov
Vulristics News: EPSS v3 Support, Integration into Cloud Advisor
2023-04-23 23:11:58
Microsoft Patch Tuesday April 2023: CLFS EoP, Word RCE, MSMQ QueueJumper RCE, PCL6, DNS, DHCP
2023-04-27 22:03:04
krebs
krebs
Microsoft (& Apple) Patch Tuesday, April 2023 Edition
2023-04-12 00:06:51
malwarebytes
malwarebytes
Update now! April’s Patch Tuesday includes a fix for one zero-day
2023-04-12 10:00:00
trellix
trellix
The Bug Report – April 2023 Edition
2023-05-03 00:00:00
The Bug Report – April 2023 Edition
2023-05-03 00:00:00
rapid7blog
rapid7blog
Metasploit 2023 Annual Wrap-Up: Dec. 29, 2023
2023-12-29 19:38:15
Metasploit Weekly Wrap-Up
2023-09-15 18:54:45
Patch Tuesday - April 2023
2023-04-11 22:49:56
mskb
mskb
April 11, 2023—KB5025271 (Monthly Rollup)
2023-04-11 07:00:00
April 11, 2023—KB5025273 (Security-only update)
2023-04-11 07:00:00
April 11, 2023—KB5025279 (Monthly Rollup)
2023-04-11 07:00:00
nessus
nessus
KB5025273: Windows Server 2008 Security Update (April 2023)
2023-04-11 00:00:00
KB5025277: Windows Server 2008 R2 Security Update (April 2023)
2023-04-11 00:00:00
KB5025221: Windows 10 Version 20H2 / Windows 10 Version 21H2 / Windows 10 Version 22H2 Security Update (April 2023)
2023-04-11 00:00:00
openvas
openvas
Microsoft Windows Multiple Vulnerabilities (KB5025279)
2023-04-12 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB5025234)
2023-04-12 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB5025221)
2023-04-12 00:00:00
kaspersky
kaspersky
KLA48842 Multiple vulnerabilities in Microsoft Products (ESU)
2023-04-11 00:00:00
KLA48845 Multiple vulnerabilities in Microsoft Windows
2023-04-11 00:00:00

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.021

Percentile

89.4%

JSON
Related for CISA-KEV-CVE-2023-28252
cve1mscve1attackerkb1githubexploit4zdt1prion1metasploit1hivepro1nvd1vulnrichment1cvelist1packetstorm1securelist10wizblog1qualysblog4talosblog2thn2avleonov2krebs1malwarebytes1trellix2rapid7blog3mskb15nessus11openvas8kaspersky2