Skip to main content

Windows 10 20H2 CVE-2023-24871

HIGH
Integer Overflow or Wraparound (CWE-190)
2023-03-14 secure@microsoft.com
8.8
CVSS 3.1 · Vendor: microsoft
Share

Severity by source

Vendor (microsoft) PRIMARY
8.8 HIGH
AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from Vendor (microsoft) · only source for this CVE.

CVSS VectorVendor: microsoft

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Mar 14, 2023 - 17:15 cve.org
HIGH 8.8

DescriptionCVE.org

Windows Bluetooth Service Remote Code Execution Vulnerability

AnalysisAI

Windows Bluetooth Service Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Technical ContextAI

This vulnerability is classified as Integer Overflow (CWE-190), which allows attackers to cause unexpected behavior through arithmetic overflow. Windows Bluetooth Service Remote Code Execution Vulnerability Affected products include: Microsoft Windows 10 20H2, Microsoft Windows 10 21H2, Microsoft Windows 10 22H2, Microsoft Windows 11 21H2, Microsoft Windows 11 22H2.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Validate arithmetic operations, use safe integer libraries, check bounds before allocation.

CVE-2021-34527 HIGH POC
8.8 Jul 02

<p>A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged fi

CVE-2023-28252 HIGH POC
7.8 Apr 11

Windows Common Log File System Driver Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnera

CVE-2021-40449 HIGH POC
7.8 Oct 13

Win32k Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity

CVE-2021-1675 HIGH POC
7.8 Jun 08

Windows Print Spooler Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no auth

CVE-2022-26904 HIGH POC
7.0 Apr 15

Windows User Profile Service Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0).

CVE-2023-21554 CRITICAL POC
9.8 Apr 11

Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerabi

CVE-2021-31166 CRITICAL POC
9.8 May 11

HTTP Protocol Stack Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remot

CVE-2022-26923 HIGH POC
8.8 May 10

Active Directory Domain Services Elevation of Privilege Vulnerability. Rated high severity (CVSS 8.8), this vulnerabilit

CVE-2023-28293 HIGH POC
7.8 Apr 11

Windows Kernel Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack co

CVE-2023-23410 HIGH POC
7.8 Mar 14

Windows HTTP.sys Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack

CVE-2023-28229 HIGH POC
7.0 Apr 11

Windows CNG Key Isolation Service Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0). Public exploit c

CVE-2022-26934 MEDIUM
6.5 May 10

Windows Graphics Component Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is

Share

CVE-2023-24871 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy