Lucene search

K
cvelistMicrosoftCVELIST:CVE-2023-28277
HistoryApr 11, 2023 - 7:13 p.m.

CVE-2023-28277 Windows DNS Server Information Disclosure Vulnerability

2023-04-1119:13:54
CWE-190
microsoft
www.cve.org
2
cve-2023-28277
windows
dns
server
information disclosure
vulnerability

4.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C

5.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

40.3%

CNA Affected

[
  {
    "vendor": "Microsoft",
    "product": "Windows Server 2022",
    "cpes": [
      "cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1668:*:*:*:*:*:*:*"
    ],
    "platforms": [
      "x64-based Systems"
    ],
    "versions": [
      {
        "version": "10.0.0",
        "lessThan": "10.0.20348.1668",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  }
]

4.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C

5.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

40.3%