Skip to main content

Windows 10 20H2 CVE-2023-21539

HIGH
Out-of-bounds Read (CWE-125)
2023-01-10 secure@microsoft.com
7.5
CVSS 3.1 · Vendor: microsoft
Share

Severity by source

Vendor (microsoft) PRIMARY
7.5 HIGH
AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from Vendor (microsoft) · only source for this CVE.

CVSS VectorVendor: microsoft

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Jan 10, 2023 - 22:15 cve.org
HIGH 7.5

DescriptionCVE.org

Windows Authentication Remote Code Execution Vulnerability

AnalysisAI

Windows Authentication Remote Code Execution Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Out-of-bounds Read (CWE-125), which allows attackers to read data from memory outside the intended buffer boundaries. Affected products include: Microsoft Windows 10 20H2, Microsoft Windows 10 21H2, Microsoft Windows 10 22H2, Microsoft Windows 11 21H2, Microsoft Windows 11 22H2.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate array indices and buffer lengths. Use memory-safe languages. Enable AddressSanitizer during testing.

CVE-2021-34527 HIGH POC
8.8 Jul 02

<p>A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged fi

CVE-2023-28252 HIGH POC
7.8 Apr 11

Windows Common Log File System Driver Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnera

CVE-2021-40449 HIGH POC
7.8 Oct 13

Win32k Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity

CVE-2021-1675 HIGH POC
7.8 Jun 08

Windows Print Spooler Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no auth

CVE-2022-26904 HIGH POC
7.0 Apr 15

Windows User Profile Service Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0).

CVE-2023-21554 CRITICAL POC
9.8 Apr 11

Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerabi

CVE-2021-31166 CRITICAL POC
9.8 May 11

HTTP Protocol Stack Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remot

CVE-2022-26923 HIGH POC
8.8 May 10

Active Directory Domain Services Elevation of Privilege Vulnerability. Rated high severity (CVSS 8.8), this vulnerabilit

CVE-2023-28293 HIGH POC
7.8 Apr 11

Windows Kernel Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack co

CVE-2023-23410 HIGH POC
7.8 Mar 14

Windows HTTP.sys Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack

CVE-2023-28229 HIGH POC
7.0 Apr 11

Windows CNG Key Isolation Service Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0). Public exploit c

CVE-2022-26934 MEDIUM
6.5 May 10

Windows Graphics Component Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is

Share

CVE-2023-21539 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy