Lucene search

K
cve[email protected]CVE-2023-24905
HistoryMay 09, 2023 - 6:15 p.m.

CVE-2023-24905

2023-05-0918:15:12
CWE-284
web.nvd.nist.gov
109
cve-2023-24905
remote desktop
client
remote code execution
vulnerability
nvd

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.8 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

77.0%

Remote Desktop Client Remote Code Execution Vulnerability

Affected configurations

Vulners
NVD
Node
microsoftwindows_10_20h2Range10.0.010.0.19042.2965
OR
microsoftwindows_11_21h2Range10.0.010.0.22000.1936
OR
microsoftwindows_10_21h2Range10.0.010.0.19044.2965
OR
microsoftwindows_11_22h2Range10.0.010.0.22621.1702
OR
microsoftwindows_10_22h2Range10.0.010.0.19045.2965
VendorProductVersionCPE
microsoftwindows_10_20h2*cpe:2.3:o:microsoft:windows_10_20h2:*:*:*:*:*:*:*:*
microsoftwindows_11_21h2*cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*
microsoftwindows_10_21h2*cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*
microsoftwindows_11_22h2*cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*
microsoftwindows_10_22h2*cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "vendor": "Microsoft",
    "product": "Windows 10 Version 20H2",
    "cpes": [
      "cpe:2.3:o:microsoft:windows_10_20H2:10.0.19042.2965:*:*:*:*:*:x86:*",
      "cpe:2.3:o:microsoft:windows_10_20H2:10.0.19042.2965:*:*:*:*:*:arm64:*"
    ],
    "platforms": [
      "32-bit Systems",
      "ARM64-based Systems"
    ],
    "versions": [
      {
        "version": "10.0.0",
        "lessThan": "10.0.19042.2965",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Windows 11 version 21H2",
    "cpes": [
      "cpe:2.3:o:microsoft:windows_11_21H2:10.0.22000.1936:*:*:*:*:*:x64:*",
      "cpe:2.3:o:microsoft:windows_11_21H2:10.0.22000.1936:*:*:*:*:*:arm64:*"
    ],
    "platforms": [
      "x64-based Systems",
      "ARM64-based Systems"
    ],
    "versions": [
      {
        "version": "10.0.0",
        "lessThan": "10.0.22000.1936",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Windows 10 Version 21H2",
    "cpes": [
      "cpe:2.3:o:microsoft:windows_10_21H2:10.0.19044.2965:*:*:*:*:*:x86:*",
      "cpe:2.3:o:microsoft:windows_10_21H2:10.0.19044.2965:*:*:*:*:*:arm64:*",
      "cpe:2.3:o:microsoft:windows_10_21H2:10.0.19044.2965:*:*:*:*:*:x64:*"
    ],
    "platforms": [
      "32-bit Systems",
      "ARM64-based Systems"
    ],
    "versions": [
      {
        "version": "10.0.0",
        "lessThan": "10.0.19044.2965",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Windows 11 version 22H2",
    "cpes": [
      "cpe:2.3:o:microsoft:windows_11_22H2:10.0.22621.1702:*:*:*:*:*:arm64:*",
      "cpe:2.3:o:microsoft:windows_11_22H2:10.0.22621.1702:*:*:*:*:*:x64:*"
    ],
    "platforms": [
      "ARM64-based Systems",
      "x64-based Systems"
    ],
    "versions": [
      {
        "version": "10.0.0",
        "lessThan": "10.0.22621.1702",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Windows 10 Version 22H2",
    "cpes": [
      "cpe:2.3:o:microsoft:windows_10_22H2:10.0.19045.2965:*:*:*:*:*:x64:*",
      "cpe:2.3:o:microsoft:windows_10_22H2:10.0.19045.2965:*:*:*:*:*:arm64:*",
      "cpe:2.3:o:microsoft:windows_10_22H2:10.0.19045.2965:*:*:*:*:*:x86:*"
    ],
    "platforms": [
      "x64-based Systems",
      "ARM64-based Systems",
      "32-bit Systems"
    ],
    "versions": [
      {
        "version": "10.0.0",
        "lessThan": "10.0.19045.2965",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  }
]

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.8 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

77.0%