China National Vulnerability DatabaseCNVD-2023-44304Microsoft Windows DNS Remote Code Execution Vulnerability (CNVD-2023-44304)
6.6 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
MULTIPLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:M/C:P/I:P/A:P
0.002 Low
EPSS
Percentile
57.0%
Microsoft Windows DNS is a domain name resolution service from Microsoft. The Domain Name System (DNS) is one of the industry-standard suite of protocols that encompasses TCP/IP, and DNS clients and DNS servers work together to provide name resolution services for computers and users that map computer names to IP addresses. A remote code execution vulnerability exists in Microsoft Windows DNS, which can be exploited by an attacker to cause remote code execution.
Related
6.6 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
MULTIPLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:M/C:P/I:P/A:P
0.002 Low
EPSS
Percentile
57.0%