Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2023-38171 (GCVE-0-2023-38171)
Vulnerability from cvelistv5 – Published: 2023-10-10 17:07 – Updated: 2025-04-14 22:45
VLAI?
EPSS
Title
Microsoft QUIC Denial of Service Vulnerability
Summary
Microsoft QUIC Denial of Service Vulnerability
Severity ?
CWE
- CWE-476 - NULL Pointer Dereference
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Microsoft Visual Studio 2022 version 17.2 |
Affected:
17.2.0 , < 17.2.21
(custom)
|
||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:30:14.169Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Microsoft QUIC Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38171"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-38171",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-26T21:50:15.369465Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-27T20:44:45.977Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.2.21",
"status": "affected",
"version": "17.2.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.4",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.4.13",
"status": "affected",
"version": "17.4.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.6",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.6.9",
"status": "affected",
"version": "17.6.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.7",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.7.6",
"status": "affected",
"version": "17.7.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2022",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.20348.2031",
"status": "affected",
"version": "10.0.20348.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems",
"ARM64-based Systems"
],
"product": "Windows 11 version 21H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.22000.2538",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 11 version 22H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.22621.2428",
"status": "affected",
"version": "10.0.22621.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": ".NET 7.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "7.0.13",
"status": "affected",
"version": "7.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "PowerShell 7.3",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "7.3.9",
"status": "affected",
"version": "7.3.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.2.21",
"versionStartIncluding": "17.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.4.13",
"versionStartIncluding": "17.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.6.9",
"versionStartIncluding": "17.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.7.6",
"versionStartIncluding": "17.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.20348.2031",
"versionStartIncluding": "10.0.20348.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21H2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.22000.2538",
"versionStartIncluding": "10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22H2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.22621.2428",
"versionStartIncluding": "10.0.22621.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.0.13",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:powershell:*:-:*:*:*:*:*:*",
"versionEndExcluding": "7.3.9",
"versionStartIncluding": "7.3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2023-10-10T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft QUIC Denial of Service Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476: NULL Pointer Dereference",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-14T22:45:47.105Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft QUIC Denial of Service Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38171"
}
],
"title": "Microsoft QUIC Denial of Service Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2023-38171",
"datePublished": "2023-10-10T17:07:23.843Z",
"dateReserved": "2023-07-12T23:41:45.863Z",
"dateUpdated": "2025-04-14T22:45:47.105Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38171\", \"name\": \"Microsoft QUIC Denial of Service Vulnerability\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T17:30:14.169Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-38171\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-02-26T21:50:15.369465Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-02-26T19:58:31.413Z\"}}], \"cna\": {\"title\": \"Microsoft QUIC Denial of Service Vulnerability\", \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C\"}, \"scenarios\": [{\"lang\": \"en-US\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Microsoft\", \"product\": \"Microsoft Visual Studio 2022 version 17.2\", \"versions\": [{\"status\": \"affected\", \"version\": \"17.2.0\", \"lessThan\": \"17.2.21\", \"versionType\": \"custom\"}], \"platforms\": [\"Unknown\"]}, {\"vendor\": \"Microsoft\", \"product\": \"Microsoft Visual Studio 2022 version 17.4\", \"versions\": [{\"status\": \"affected\", \"version\": \"17.4.0\", \"lessThan\": \"17.4.13\", \"versionType\": \"custom\"}], \"platforms\": [\"Unknown\"]}, {\"vendor\": \"Microsoft\", \"product\": \"Microsoft Visual Studio 2022 version 17.6\", \"versions\": [{\"status\": \"affected\", \"version\": \"17.6.0\", \"lessThan\": \"17.6.9\", \"versionType\": \"custom\"}], \"platforms\": [\"Unknown\"]}, {\"vendor\": \"Microsoft\", \"product\": \"Microsoft Visual Studio 2022 version 17.7\", \"versions\": [{\"status\": \"affected\", \"version\": \"17.7.0\", \"lessThan\": \"17.7.6\", \"versionType\": \"custom\"}], \"platforms\": [\"Unknown\"]}, {\"vendor\": \"Microsoft\", \"product\": \"Windows Server 2022\", \"versions\": [{\"status\": \"affected\", \"version\": \"10.0.20348.0\", \"lessThan\": \"10.0.20348.2031\", \"versionType\": \"custom\"}], \"platforms\": [\"x64-based Systems\"]}, {\"vendor\": \"Microsoft\", \"product\": \"Windows 11 version 21H2\", \"versions\": [{\"status\": \"affected\", \"version\": \"10.0.0\", \"lessThan\": \"10.0.22000.2538\", \"versionType\": \"custom\"}], \"platforms\": [\"x64-based Systems\", \"ARM64-based Systems\"]}, {\"vendor\": \"Microsoft\", \"product\": \"Windows 11 version 22H2\", \"versions\": [{\"status\": \"affected\", \"version\": \"10.0.22621.0\", \"lessThan\": \"10.0.22621.2428\", \"versionType\": \"custom\"}], \"platforms\": [\"ARM64-based Systems\", \"x64-based Systems\"]}, {\"vendor\": \"Microsoft\", \"product\": \".NET 7.0\", \"versions\": [{\"status\": \"affected\", \"version\": \"7.0.0\", \"lessThan\": \"7.0.13\", \"versionType\": \"custom\"}], \"platforms\": [\"Unknown\"]}, {\"vendor\": \"Microsoft\", \"product\": \"PowerShell 7.3\", \"versions\": [{\"status\": \"affected\", \"version\": \"7.3.0\", \"lessThan\": \"7.3.9\", \"versionType\": \"custom\"}], \"platforms\": [\"Unknown\"]}], \"datePublic\": \"2023-10-10T07:00:00.000Z\", \"references\": [{\"url\": \"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38171\", \"name\": \"Microsoft QUIC Denial of Service Vulnerability\", \"tags\": [\"vendor-advisory\"]}], \"descriptions\": [{\"lang\": \"en-US\", \"value\": \"Microsoft QUIC Denial of Service Vulnerability\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en-US\", \"type\": \"CWE\", \"cweId\": \"CWE-476\", \"description\": \"CWE-476: NULL Pointer Dereference\"}]}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"17.2.21\", \"versionStartIncluding\": \"17.2.0\"}, {\"criteria\": \"cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"17.4.13\", \"versionStartIncluding\": \"17.4.0\"}, {\"criteria\": \"cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"17.6.9\", \"versionStartIncluding\": \"17.6.0\"}, {\"criteria\": \"cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"17.7.6\", \"versionStartIncluding\": \"17.7.0\"}, {\"criteria\": \"cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"10.0.20348.2031\", \"versionStartIncluding\": \"10.0.20348.0\"}, {\"criteria\": \"cpe:2.3:o:microsoft:windows_11_21H2:*:*:*:*:*:*:x64:*\", \"vulnerable\": true, \"versionEndExcluding\": \"10.0.22000.2538\", \"versionStartIncluding\": \"10.0.0\"}, {\"criteria\": \"cpe:2.3:o:microsoft:windows_11_22H2:*:*:*:*:*:*:arm64:*\", \"vulnerable\": true, \"versionEndExcluding\": \"10.0.22621.2428\", \"versionStartIncluding\": \"10.0.22621.0\"}, {\"criteria\": \"cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"7.0.13\", \"versionStartIncluding\": \"7.0.0\"}, {\"criteria\": \"cpe:2.3:a:microsoft:powershell:*:-:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"7.3.9\", \"versionStartIncluding\": \"7.3.0\"}], \"operator\": \"OR\"}]}], \"providerMetadata\": {\"orgId\": \"f38d906d-7342-40ea-92c1-6c4a2c6478c8\", \"shortName\": \"microsoft\", \"dateUpdated\": \"2025-04-14T22:45:47.105Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2023-38171\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-04-14T22:45:47.105Z\", \"dateReserved\": \"2023-07-12T23:41:45.863Z\", \"assignerOrgId\": \"f38d906d-7342-40ea-92c1-6c4a2c6478c8\", \"datePublished\": \"2023-10-10T17:07:23.843Z\", \"assignerShortName\": \"microsoft\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
CNVD-2023-92205
Vulnerability from cnvd - Published: 2023-11-29
VLAI Severity ?
Title
Microsoft QUIC拒绝服务漏洞(CNVD-2023-92205)
Description
Microsoft QUIC是美国微软(Microsoft)公司的一个网络传输协议。
Microsoft QUIC存在拒绝服务漏洞,攻击者可利用该漏洞导致拒绝服务。
Severity
高
Patch Name
Microsoft QUIC拒绝服务漏洞(CNVD-2023-92205)的补丁
Patch Description
Microsoft QUIC是美国微软(Microsoft)公司的一个网络传输协议。
Microsoft QUIC存在拒绝服务漏洞,攻击者可利用该漏洞导致拒绝服务。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
厂商已发布了漏洞修复程序,请及时关注更新: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38171
Reference
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38171
Impacted products
| Name | ['Microsoft Windows Server 2022', 'Microsoft Visual Studio 2022 17.2', 'Microsoft Visual Studio 2022 17.4', 'Microsoft Window 11 22H2', 'Microsoft .NET 7.0', 'Microsoft Window 11 21H2', 'Microsoft Visual Studio 2022 17.6', 'Microsoft PowerShell 7.3', 'Microsoft Visual Studio 2022 17.7'] |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2023-38171",
"cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2023-38171"
}
},
"description": "Microsoft QUIC\u662f\u7f8e\u56fd\u5fae\u8f6f\uff08Microsoft\uff09\u516c\u53f8\u7684\u4e00\u4e2a\u7f51\u7edc\u4f20\u8f93\u534f\u8bae\u3002\n\nMicrosoft QUIC\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u3002",
"formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38171",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2023-92205",
"openTime": "2023-11-29",
"patchDescription": "Microsoft QUIC\u662f\u7f8e\u56fd\u5fae\u8f6f\uff08Microsoft\uff09\u516c\u53f8\u7684\u4e00\u4e2a\u7f51\u7edc\u4f20\u8f93\u534f\u8bae\u3002\r\n\r\nMicrosoft QUIC\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Microsoft QUIC\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff08CNVD-2023-92205\uff09\u7684\u8865\u4e01",
"products": {
"product": [
"Microsoft Windows Server 2022",
"Microsoft Visual Studio 2022 17.2",
"Microsoft Visual Studio 2022 17.4",
"Microsoft Window 11 22H2",
"Microsoft .NET 7.0",
"Microsoft Window 11 21H2",
"Microsoft Visual Studio 2022 17.6",
"Microsoft PowerShell 7.3",
"Microsoft Visual Studio 2022 17.7"
]
},
"referenceLink": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38171",
"serverity": "\u9ad8",
"submitTime": "2023-10-13",
"title": "Microsoft QUIC\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff08CNVD-2023-92205\uff09"
}
GHSA-XH5M-8QQP-C5X7
Vulnerability from github – Published: 2023-10-10 21:23 – Updated: 2024-06-03 18:35
VLAI?
Summary
Remote Denial of Service Vulnerability in Microsoft.Native.Quic.MsQuic.Schannel
Details
Impact
The MsQuic server application or process will crash, resulting in a denial of service.
Patches
The following patch was made:
- Don't Allow Version Negotiation Packets for Server Connections - https://github.com/microsoft/msquic/commit/3226cff07d22662f16fc98d605656860e64cd343
Workarounds
Beyond upgrading to the patched versions, there is no other workaround. You must upgrade or disable MsQuic functionality.
Severity ?
7.5 (High)
{
"affected": [
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.Native.Quic.MsQuic.Schannel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.2.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.Native.Quic.MsQuic.OpenSSL"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.2.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-38171"
],
"database_specific": {
"cwe_ids": [
"CWE-400",
"CWE-476"
],
"github_reviewed": true,
"github_reviewed_at": "2023-10-10T21:23:27Z",
"nvd_published_at": "2023-10-10T18:15:18Z",
"severity": "HIGH"
},
"details": "### Impact\nThe MsQuic server application or process will crash, resulting in a denial of service.\n\n### Patches\nThe following patch was made:\n\n- Don\u0027t Allow Version Negotiation Packets for Server Connections - https://github.com/microsoft/msquic/commit/3226cff07d22662f16fc98d605656860e64cd343\n\n### Workarounds\nBeyond upgrading to the patched versions, there is no other workaround. You must upgrade or disable MsQuic functionality.\n",
"id": "GHSA-xh5m-8qqp-c5x7",
"modified": "2024-06-03T18:35:09Z",
"published": "2023-10-10T21:23:27Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/microsoft/msquic/security/advisories/GHSA-xh5m-8qqp-c5x7"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38171"
},
{
"type": "WEB",
"url": "https://github.com/microsoft/msquic/commit/3226cff07d22662f16fc98d605656860e64cd343"
},
{
"type": "PACKAGE",
"url": "https://github.com/microsoft/msquic"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38171"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Remote Denial of Service Vulnerability in Microsoft.Native.Quic.MsQuic.Schannel"
}
CVE-2023-38171
Vulnerability from fstec - Published: 10.10.2023
VLAI Severity ?
Title
Уязвимость реализации сетевого протокола QUIC операционной системы Windows, позволяющая нарушителю вызвать отказ в обслуживании
Description
Уязвимость реализации сетевого протокола QUIC операционной системы Windows связана с недостаточной проверкой вводимых данных. Эксплуатация уязвимости может позволить нарушителю, действующий удаленно, вызвать отказ в обслуживании
Severity ?
Vendor
Microsoft Corp
Software Name
Windows Server 2022, Windows Server 2022 (Server Core installation), Microsoft Visual Studio 2022, Windows 11 22H2, .NET, Windows 11 21H2
Software Version
- (Windows Server 2022), - (Windows Server 2022 (Server Core installation)), 17.2 (Microsoft Visual Studio 2022), - (Windows 11 22H2), 7.0 (.NET), 17.4 (Microsoft Visual Studio 2022), - (Windows 11 21H2), 17.6 (Microsoft Visual Studio 2022), 17.7 (Microsoft Visual Studio 2022)
Possible Mitigations
Использование рекомендаций производителя:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38171
Reference
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38171
CWE
CWE-20
{
"CVSS 2.0": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "TO755, TO760, TO767, TO768, TO769, TO770",
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": "TO755 \u041d\u0430\u043a\u043e\u043f\u0438\u0442\u0435\u043b\u044c\u043d\u043e\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 Windows Server 2022 21H2 \u0434\u043b\u044f x64 \u0441\u0438\u0441\u0442\u0435\u043c (KB5031364), TO760 \u041d\u0430\u043a\u043e\u043f\u0438\u0442\u0435\u043b\u044c\u043d\u043e\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 Windows 11 \u0434\u043b\u044f x64 \u0441\u0438\u0441\u0442\u0435\u043c (KB5031358), TO767 \u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 Visual Studio 2022 (KB5007364), TO768 \u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 Visual Studio 2022 (KB5007364), TO769 \u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 Visual Studio 2022 (KB5007364), TO770 \u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 Visual Studio 2022 (KB5007364)",
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Microsoft Corp",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "- (Windows Server 2022), - (Windows Server 2022 (Server Core installation)), 17.2 (Microsoft Visual Studio 2022), - (Windows 11 22H2), 7.0 (.NET), 17.4 (Microsoft Visual Studio 2022), - (Windows 11 21H2), 17.6 (Microsoft Visual Studio 2022), 17.7 (Microsoft Visual Studio 2022)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f:\nhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38171",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "10.10.2023",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "17.10.2023",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "17.10.2023",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2023-06839",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2023-38171",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Windows Server 2022, Windows Server 2022 (Server Core installation), Microsoft Visual Studio 2022, Windows 11 22H2, .NET, Windows 11 21H2",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Microsoft Corp Windows Server 2022 - , Microsoft Corp Windows Server 2022 (Server Core installation) - , Microsoft Corp Windows 11 22H2 - 64-bit, Microsoft Corp Windows 11 22H2 - ARM64, Microsoft Corp Windows 11 21H2 - 64-bit, Microsoft Corp Windows 11 21H2 - ARM64",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u0430 QUIC \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Windows, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u0430\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0430 \u0432\u0432\u043e\u0434\u0438\u043c\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 (CWE-20)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u0430 QUIC \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Windows \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e\u0439 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u043e\u0439 \u0432\u0432\u043e\u0434\u0438\u043c\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0438\u0439 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u043c\u0438",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38171",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-20",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,8)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,5)"
}
CERTFR-2023-AVI-0827
Vulnerability from certfr_avis - Published: 2023-10-11 - Updated: 2023-10-27
De multiples vulnérabilités ont été corrigées dans Microsoft Windows. Elles permettent à un attaquant de provoquer une élévation de privilèges, une atteinte à la confidentialité des données, une exécution de code à distance, un déni de service et un contournement de la fonctionnalité de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | Windows | Windows Server 2022 | ||
| Microsoft | Windows | Windows Server 2012 | ||
| Microsoft | Windows | Windows 10 pour systèmes x64 | ||
| Microsoft | Windows | Windows 10 Version 1809 pour systèmes x64 | ||
| Microsoft | Windows | Windows Server 2019 (Server Core installation) | ||
| Microsoft | Windows | Windows Server 2019 | ||
| Microsoft | Windows | Windows Server 2012 R2 | ||
| Microsoft | Windows | Windows Server 2022 (Server Core installation) | ||
| Microsoft | Windows | Windows 10 Version 1607 pour systèmes 32 bits | ||
| Microsoft | Windows | Windows 10 Version 21H2 pour systèmes ARM64 | ||
| Microsoft | Windows | Windows Server 2008 pour systèmes x64 Service Pack 2 | ||
| Microsoft | Windows | Windows 10 Version 1809 pour systèmes ARM64 | ||
| Microsoft | Windows | Windows 10 Version 1809 pour systèmes 32 bits | ||
| Microsoft | Windows | Windows 11 version 21H2 pour systèmes x64 | ||
| Microsoft | Windows | Windows Server 2016 (Server Core installation) | ||
| Microsoft | Windows | Windows 10 Version 22H2 pour systèmes x64 | ||
| Microsoft | Windows | Windows 11 version 21H2 pour systèmes ARM64 | ||
| Microsoft | Windows | Windows Server 2008 pour systèmes x64 Service Pack 2 (Server Core installation) | ||
| Microsoft | Windows | Windows Server 2008 pour systèmes 32 bits Service Pack 2 (Server Core installation) | ||
| Microsoft | Windows | Windows 10 Version 1607 pour systèmes x64 | ||
| Microsoft | Windows | Windows Server 2012 (Server Core installation) | ||
| Microsoft | Windows | Windows 10 Version 21H2 pour systèmes 32 bits | ||
| Microsoft | Windows | Windows 10 Version 21H2 pour systèmes x64 | ||
| Microsoft | Windows | Windows Server 2008 pour systèmes 32 bits Service Pack 2 | ||
| Microsoft | Windows | Windows Server 2008 R2 pour systèmes x64 Service Pack 1 | ||
| Microsoft | Windows | Microsoft ODBC Driver 18 pour SQL Server on Windows | ||
| Microsoft | Windows | Windows 10 Version 22H2 pour systèmes 32 bits | ||
| Microsoft | Windows | Windows 11 Version 22H2 pour systèmes ARM64 | ||
| Microsoft | Windows | Windows Server 2016 | ||
| Microsoft | Windows | PowerShell 7.3 | ||
| Microsoft | Windows | Windows Server 2008 R2 pour systèmes x64 Service Pack 1 (Server Core installation) | ||
| Microsoft | Windows | Microsoft ODBC Driver 17 pour SQL Server on Windows | ||
| Microsoft | Windows | Windows Server 2012 R2 (Server Core installation) | ||
| Microsoft | Windows | Windows 10 pour systèmes 32 bits | ||
| Microsoft | Windows | Windows 10 Version 22H2 pour systèmes ARM64 | ||
| Microsoft | Windows | Windows 11 Version 22H2 pour systèmes x64 |
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Windows Server 2022",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2012",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 pour syst\u00e8mes x64",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 1809 pour syst\u00e8mes x64",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2019 (Server Core installation)",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2019",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2012 R2",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2022 (Server Core installation)",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 1607 pour syst\u00e8mes 32 bits",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 21H2 pour syst\u00e8mes ARM64",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2008 pour syst\u00e8mes x64 Service Pack 2",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 1809 pour syst\u00e8mes ARM64",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 1809 pour syst\u00e8mes 32 bits",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 11 version 21H2 pour syst\u00e8mes x64",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2016 (Server Core installation)",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 22H2 pour syst\u00e8mes x64",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 11 version 21H2 pour syst\u00e8mes ARM64",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2008 pour syst\u00e8mes x64 Service Pack 2 (Server Core installation)",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2008 pour syst\u00e8mes 32 bits Service Pack 2 (Server Core installation)",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 1607 pour syst\u00e8mes x64",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2012 (Server Core installation)",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 21H2 pour syst\u00e8mes 32 bits",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 21H2 pour syst\u00e8mes x64",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2008 pour syst\u00e8mes 32 bits Service Pack 2",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2008 R2 pour syst\u00e8mes x64 Service Pack 1",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft ODBC Driver 18 pour SQL Server on Windows",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 22H2 pour syst\u00e8mes 32 bits",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 11 Version 22H2 pour syst\u00e8mes ARM64",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2016",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "PowerShell 7.3",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2008 R2 pour syst\u00e8mes x64 Service Pack 1 (Server Core installation)",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft ODBC Driver 17 pour SQL Server on Windows",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2012 R2 (Server Core installation)",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 pour syst\u00e8mes 32 bits",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 22H2 pour syst\u00e8mes ARM64",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 11 Version 22H2 pour syst\u00e8mes x64",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-36438",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36438"
},
{
"name": "CVE-2023-36577",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36577"
},
{
"name": "CVE-2023-36776",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36776"
},
{
"name": "CVE-2023-36722",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36722"
},
{
"name": "CVE-2023-36728",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36728"
},
{
"name": "CVE-2023-41766",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41766"
},
{
"name": "CVE-2023-36743",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36743"
},
{
"name": "CVE-2023-36579",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36579"
},
{
"name": "CVE-2023-36717",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36717"
},
{
"name": "CVE-2023-36603",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36603"
},
{
"name": "CVE-2023-36420",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36420"
},
{
"name": "CVE-2023-36564",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36564"
},
{
"name": "CVE-2023-36605",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36605"
},
{
"name": "CVE-2023-38166",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38166"
},
{
"name": "CVE-2023-36431",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36431"
},
{
"name": "CVE-2023-36713",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36713"
},
{
"name": "CVE-2023-36557",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36557"
},
{
"name": "CVE-2023-41765",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41765"
},
{
"name": "CVE-2023-36721",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36721"
},
{
"name": "CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"name": "CVE-2023-36707",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36707"
},
{
"name": "CVE-2023-41769",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41769"
},
{
"name": "CVE-2023-36730",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36730"
},
{
"name": "CVE-2023-36581",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36581"
},
{
"name": "CVE-2023-29348",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29348"
},
{
"name": "CVE-2023-41773",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41773"
},
{
"name": "CVE-2023-36571",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36571"
},
{
"name": "CVE-2023-36726",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36726"
},
{
"name": "CVE-2023-36706",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36706"
},
{
"name": "CVE-2023-36583",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36583"
},
{
"name": "CVE-2023-36590",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36590"
},
{
"name": "CVE-2023-36710",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36710"
},
{
"name": "CVE-2023-36725",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36725"
},
{
"name": "CVE-2023-36790",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36790"
},
{
"name": "CVE-2023-36434",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36434"
},
{
"name": "CVE-2023-36729",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36729"
},
{
"name": "CVE-2023-36702",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36702"
},
{
"name": "CVE-2023-36718",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36718"
},
{
"name": "CVE-2023-36591",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36591"
},
{
"name": "CVE-2023-36576",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36576"
},
{
"name": "CVE-2023-36584",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36584"
},
{
"name": "CVE-2023-36567",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36567"
},
{
"name": "CVE-2023-36594",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36594"
},
{
"name": "CVE-2023-36573",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36573"
},
{
"name": "CVE-2023-36711",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36711"
},
{
"name": "CVE-2023-36570",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36570"
},
{
"name": "CVE-2023-36572",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36572"
},
{
"name": "CVE-2023-36578",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36578"
},
{
"name": "CVE-2023-36724",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36724"
},
{
"name": "CVE-2023-36582",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36582"
},
{
"name": "CVE-2023-36720",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36720"
},
{
"name": "CVE-2023-38159",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38159"
},
{
"name": "CVE-2023-38171",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38171"
},
{
"name": "CVE-2023-36585",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36585"
},
{
"name": "CVE-2023-36723",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36723"
},
{
"name": "CVE-2023-36703",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36703"
},
{
"name": "CVE-2023-36596",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36596"
},
{
"name": "CVE-2023-36701",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36701"
},
{
"name": "CVE-2023-41770",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41770"
},
{
"name": "CVE-2023-41771",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41771"
},
{
"name": "CVE-2023-36709",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36709"
},
{
"name": "CVE-2023-41767",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41767"
},
{
"name": "CVE-2023-36435",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36435"
},
{
"name": "CVE-2023-36589",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36589"
},
{
"name": "CVE-2023-36593",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36593"
},
{
"name": "CVE-2023-36698",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36698"
},
{
"name": "CVE-2023-36732",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36732"
},
{
"name": "CVE-2023-36575",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36575"
},
{
"name": "CVE-2023-41774",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41774"
},
{
"name": "CVE-2023-36731",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36731"
},
{
"name": "CVE-2023-36592",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36592"
},
{
"name": "CVE-2023-36606",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36606"
},
{
"name": "CVE-2023-36785",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36785"
},
{
"name": "CVE-2023-36602",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36602"
},
{
"name": "CVE-2023-41772",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41772"
},
{
"name": "CVE-2023-41768",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41768"
},
{
"name": "CVE-2023-36436",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36436"
},
{
"name": "CVE-2023-36574",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36574"
},
{
"name": "CVE-2023-36697",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36697"
},
{
"name": "CVE-2023-36712",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36712"
},
{
"name": "CVE-2023-36704",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36704"
},
{
"name": "CVE-2023-36563",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36563"
},
{
"name": "CVE-2023-35349",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35349"
},
{
"name": "CVE-2023-36598",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36598"
},
{
"name": "CVE-2023-36902",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36902"
}
],
"initial_release_date": "2023-10-11T00:00:00",
"last_revision_date": "2023-10-27T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36731 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36731"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36590 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36590"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-35349 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35349"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36728 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36728"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36420 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36420"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-41772 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-41772"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36571 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36571"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36594 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36594"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36596 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36596"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36577 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36577"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36790 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36790"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36585 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36585"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-29348 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29348"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36785 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36785"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-41768 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-41768"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36563 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36563"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36583 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36583"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-41770 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-41770"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36436 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36436"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36431 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36431"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-38159 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38159"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36718 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36718"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36776 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36776"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36572 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36572"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36564 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36564"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36591 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36591"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36582 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36582"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36701 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36701"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36605 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36605"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36581 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36581"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36573 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36573"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36602 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36602"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36584 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36584"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36576 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36576"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-44487 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36574 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36574"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36720 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36720"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36709 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36709"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36730 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36730"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36593 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36593"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36729 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36729"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36717 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36717"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-38166 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38166"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36698 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36698"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36726 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36726"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36434 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36434"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36703 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36703"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36712 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36712"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36902 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36902"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36706 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36706"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-41767 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-41767"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36697 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36697"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36711 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36711"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36578 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36578"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36724 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36724"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36557 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36557"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36723 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36723"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36570 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36570"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-41771 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-41771"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36598 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36598"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-38171 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38171"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36589 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36589"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36725 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36725"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36438 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36438"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36722 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36722"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-41765 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-41765"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36603 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36603"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-41769 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-41769"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36713 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36713"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36721 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36721"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36435 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36435"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-41774 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-41774"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36704 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36704"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36710 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36710"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36575 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36575"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36606 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36606"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-41773 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-41773"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36567 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36567"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36702 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36702"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36579 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36579"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36707 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36707"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36592 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36592"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36732 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36732"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-41766 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-41766"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36743 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36743"
}
],
"reference": "CERTFR-2023-AVI-0827",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-10-11T00:00:00.000000"
},
{
"description": "Microsoft a d\u00e9clar\u00e9 que PowerShell 7.3 \u00e9tait \u00e9galement affect\u00e9 par les vuln\u00e9rabilit\u00e9s CVE-2023-36435 et CVE-2023-38171",
"revision_date": "2023-10-27T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la fonctionnalit\u00e9 de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMicrosoft Windows\u003c/span\u003e. Elles permettent \u00e0 un attaquant\nde provoquer une \u00e9l\u00e9vation de privil\u00e8ges, une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es, une ex\u00e9cution de code \u00e0 distance, un d\u00e9ni\nde service et un contournement de la fonctionnalit\u00e9 de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Windows",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/"
}
]
}
CERTFR-2023-AVI-0830
Vulnerability from certfr_avis - Published: 2023-10-11 - Updated: 2023-10-11
De multiples vulnérabilités ont été corrigées dans les produits Microsoft. Elles permettent à un attaquant de provoquer une élévation de privilèges, une usurpation d'identité, une exécution de code à distance, un déni de service et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | N/A | Microsoft Exchange Server 2019 Cumulative Update 13 | ||
| Microsoft | N/A | Microsoft Visual Studio 2022 version 17.2 | ||
| Microsoft | N/A | Microsoft Visual Studio 2022 version 17.7 | ||
| Microsoft | N/A | Microsoft OLE DB Driver 19 pour SQL Server | ||
| Microsoft | N/A | Microsoft SQL Server 2014 Service Pack 3 pour systèmes 32 bits (CU 4) | ||
| Microsoft | N/A | Microsoft SQL Server 2016 pour systèmes x64 Service Pack 3 (GDR) | ||
| Microsoft | N/A | Microsoft Visual Studio 2022 version 17.6 | ||
| Microsoft | N/A | Microsoft Common Data Model SDK pour C# | ||
| Microsoft | N/A | Microsoft SQL Server 2022 pour systèmes x64 (GDR) | ||
| Microsoft | N/A | Microsoft Exchange Server 2016 Cumulative Update 23 | ||
| Microsoft | Azure | Microsoft SQL Server 2016 pour systèmes x64 Service Pack 3 Azure Connect Feature Pack | ||
| Microsoft | N/A | Microsoft SQL Server 2014 Service Pack 3 pour systèmes x64 (CU 4) | ||
| Microsoft | N/A | Skype pour Business Server 2019 CU7 | ||
| Microsoft | N/A | Microsoft SQL Server 2014 Service Pack 3 pour systèmes x64 (GDR) | ||
| Microsoft | N/A | Microsoft Dynamics 365 (on-premises) version 9.1 | ||
| Microsoft | N/A | Skype pour Business Server 2015 CU13 | ||
| Microsoft | N/A | Microsoft 365 Apps pour Enterprise pour systèmes 32 bits | ||
| Microsoft | N/A | Microsoft 365 Apps pour Enterprise pour 64 bits Systems | ||
| Microsoft | N/A | Microsoft SQL Server 2017 pour systèmes x64 (GDR) | ||
| Microsoft | N/A | Microsoft SQL Server 2017 pour systèmes x64 (CU 31) | ||
| Microsoft | N/A | Microsoft Visual Studio 2022 version 17.4 | ||
| Microsoft | N/A | Microsoft SQL Server 2019 pour systèmes x64 (GDR) | ||
| Microsoft | N/A | Microsoft ODBC Driver 18 pour SQL Server on MacOS | ||
| Microsoft | N/A | Microsoft SQL Server 2019 pour systèmes x64 (CU 22) | ||
| Microsoft | N/A | Microsoft ODBC Driver 17 pour SQL Server on MacOS | ||
| Microsoft | N/A | Microsoft Dynamics 365 (on-premises) version 9.0 | ||
| Microsoft | N/A | Microsoft Common Data Model SDK pour TypeScript | ||
| Microsoft | N/A | Microsoft SQL Server 2022 pour systèmes x64 (CU 8) | ||
| Microsoft | N/A | Microsoft Common Data Model SDK pour Java | ||
| Microsoft | N/A | Microsoft ODBC Driver 17 pour SQL Server on Linux | ||
| Microsoft | N/A | Microsoft Exchange Server 2019 Cumulative Update 12 | ||
| Microsoft | N/A | Microsoft OLE DB Driver 18 pour SQL Server | ||
| Microsoft | N/A | Microsoft ODBC Driver 18 pour SQL Server on Linux | ||
| Microsoft | N/A | Microsoft SQL Server 2014 Service Pack 3 pour systèmes 32 bits (GDR) | ||
| Microsoft | N/A | Microsoft Common Data Model SDK pour Python |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Microsoft Exchange Server 2019 Cumulative Update 13",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2022 version 17.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2022 version 17.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft OLE DB Driver 19 pour SQL Server",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2014 Service Pack 3 pour syst\u00e8mes 32 bits (CU 4)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2016 pour syst\u00e8mes x64 Service Pack 3 (GDR)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2022 version 17.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Common Data Model SDK pour C#",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2022 pour syst\u00e8mes x64 (GDR)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Exchange Server 2016 Cumulative Update 23",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2016 pour syst\u00e8mes x64 Service Pack 3 Azure Connect Feature Pack",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2014 Service Pack 3 pour syst\u00e8mes x64 (CU 4)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Skype pour Business Server 2019 CU7",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2014 Service Pack 3 pour syst\u00e8mes x64 (GDR)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Dynamics 365 (on-premises) version 9.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Skype pour Business Server 2015 CU13",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft 365 Apps pour Enterprise pour syst\u00e8mes 32 bits",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft 365 Apps pour Enterprise pour 64 bits Systems",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2017 pour syst\u00e8mes x64 (GDR)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2017 pour syst\u00e8mes x64 (CU 31)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2022 version 17.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2019 pour syst\u00e8mes x64 (GDR)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft ODBC Driver 18 pour SQL Server on MacOS",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2019 pour syst\u00e8mes x64 (CU 22)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft ODBC Driver 17 pour SQL Server on MacOS",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Dynamics 365 (on-premises) version 9.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Common Data Model SDK pour TypeScript",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2022 pour syst\u00e8mes x64 (CU 8)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Common Data Model SDK pour Java",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft ODBC Driver 17 pour SQL Server on Linux",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Exchange Server 2019 Cumulative Update 12",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft OLE DB Driver 18 pour SQL Server",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft ODBC Driver 18 pour SQL Server on Linux",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2014 Service Pack 3 pour syst\u00e8mes 32 bits (GDR)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Common Data Model SDK pour Python",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-36728",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36728"
},
{
"name": "CVE-2023-36429",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36429"
},
{
"name": "CVE-2023-36420",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36420"
},
{
"name": "CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"name": "CVE-2023-36730",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36730"
},
{
"name": "CVE-2023-36789",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36789"
},
{
"name": "CVE-2023-36778",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36778"
},
{
"name": "CVE-2023-36566",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36566"
},
{
"name": "CVE-2023-36780",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36780"
},
{
"name": "CVE-2023-36786",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36786"
},
{
"name": "CVE-2023-36568",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36568"
},
{
"name": "CVE-2023-38171",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38171"
},
{
"name": "CVE-2023-36417",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36417"
},
{
"name": "CVE-2023-41763",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41763"
},
{
"name": "CVE-2023-36416",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36416"
},
{
"name": "CVE-2023-36785",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36785"
},
{
"name": "CVE-2023-36433",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36433"
},
{
"name": "CVE-2023-36569",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36569"
}
],
"initial_release_date": "2023-10-11T00:00:00",
"last_revision_date": "2023-10-11T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36728 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36728"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36420 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36420"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36785 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36785"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-41763 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-41763"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36429 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36429"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36569 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36569"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36568 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36568"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36433 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36433"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36566 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36566"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36786 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36786"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-44487 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36730 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36730"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36789 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36789"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36416 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36416"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36778 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36778"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-38171 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38171"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36417 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36417"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36780 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36780"
}
],
"reference": "CERTFR-2023-AVI-0830",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-10-11T00:00:00.000000"
}
],
"risks": [
{
"description": "Usurpation d\u0027identit\u00e9"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Microsoft\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges, une usurpation\nd\u0027identit\u00e9, une ex\u00e9cution de code \u00e0 distance, un d\u00e9ni de service et une\natteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Microsoft",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/"
}
]
}
CERTFR-2024-AVI-0478
Vulnerability from certfr_avis - Published: 2024-06-11 - Updated: 2024-06-11
De multiples vulnérabilités ont été découvertes dans les produits Siemens. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Siemens | N/A | SINEC Traffic Analyzer versions antérieures à 1.2 | ||
| Siemens | N/A | SIPLUS ET 200SP CP 1543SP-1 ISEC versions antérieures à 2.3 | ||
| Siemens | N/A | SITOP UPS1600 EX 20 A Ethernet PROFINET versions antérieures à 2.5.4 | ||
| Siemens | N/A | Teamcenter Visualization 14.3 versions antérieures à 14.3.0.9 | ||
| Siemens | N/A | SITOP UPS1600 40 A Ethernet/ PROFINET versions antérieures à 2.5.4 | ||
| Siemens | N/A | PCCX26 Ax 1703 PE, Contr, Communication Element versions antérieures à 06.05 | ||
| Siemens | N/A | Tecnomatix Plant Simulation 2404 versions antérieures à 2404.0001 | ||
| Siemens | N/A | TIM 1531 IRC versions antérieures à 2.4.8 | ||
| Siemens | N/A | CPCX26 Central Processing/Communication versions antérieures à 06.02 | ||
| Siemens | N/A | SITOP UPS1600 20 A Ethernet/ PROFINET versions antérieures à 2.5.4 | ||
| Siemens | N/A | Teamcenter Visualization 2312 versions antérieures à 2312.0004 | ||
| Siemens | N/A | JT2Go versions antérieures à 2312.0004 | ||
| Siemens | N/A | les applications Mendix utilisant Mendix 10 versions antérieures à 10.11.0 | ||
| Siemens | N/A | Tecnomatix Plant Simulation 2302 versions antérieures à 2302.0012 | ||
| Siemens | N/A | SIPLUS TIM 1531 IRC versions antérieures à 2.4.8 | ||
| Siemens | N/A | ETA5 Ethernet Int. 1x100TX IEC61850 Ed.2 versions antérieures à 03.27 | ||
| Siemens | N/A | SITOP UPS1600 10 A Ethernet/ PROFINET versions antérieures à 2.5.4 | ||
| Siemens | N/A | PowerSys versions antérieures à 3.11 | ||
| Siemens | N/A | ETA4 Ethernet Interface IEC60870-5-104 versions antérieures à 10.46 | ||
| Siemens | N/A | TIA Administrator versions antérieures à 3 SP2 | ||
| Siemens | N/A | les applications Mendix utilisant Mendix 9 versions antérieures à 9.24.22 | ||
| Siemens | N/A | ST7 ScadaConnect versions antérieures à 1.1 | ||
| Siemens | N/A | SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL versions antérieures à 2.3 | ||
| Siemens | N/A | Teamcenter Visualization 14.2 toutes versions, aucun correctif n'est disponible | ||
| Siemens | N/A | les produits SCALANCE, se référer au bulletin de sécurité de l'éditeur (cf. section Documentation) | ||
| Siemens | N/A | SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL versions antérieures à 2.3 | ||
| Siemens | N/A | les applications Mendix utilisant Mendix 10.6 versions antérieures à 10.6.9 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SINEC Traffic Analyzer versions ant\u00e9rieures \u00e0 1.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPLUS ET 200SP CP 1543SP-1 ISEC versions ant\u00e9rieures \u00e0 2.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SITOP UPS1600 EX 20 A Ethernet PROFINET versions ant\u00e9rieures \u00e0 2.5.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Teamcenter Visualization 14.3 versions ant\u00e9rieures \u00e0 14.3.0.9",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SITOP UPS1600 40 A Ethernet/ PROFINET versions ant\u00e9rieures \u00e0 2.5.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "PCCX26 Ax 1703 PE, Contr, Communication Element versions ant\u00e9rieures \u00e0 06.05",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Tecnomatix Plant Simulation 2404 versions ant\u00e9rieures \u00e0 2404.0001",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "TIM 1531 IRC versions ant\u00e9rieures \u00e0 2.4.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "CPCX26 Central Processing/Communication versions ant\u00e9rieures \u00e0 06.02",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SITOP UPS1600 20 A Ethernet/ PROFINET versions ant\u00e9rieures \u00e0 2.5.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Teamcenter Visualization 2312 versions ant\u00e9rieures \u00e0 2312.0004",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "JT2Go versions ant\u00e9rieures \u00e0 2312.0004",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "les applications Mendix utilisant Mendix 10 versions ant\u00e9rieures \u00e0 10.11.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Tecnomatix Plant Simulation 2302 versions ant\u00e9rieures \u00e0 2302.0012",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPLUS TIM 1531 IRC versions ant\u00e9rieures \u00e0 2.4.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "ETA5 Ethernet Int. 1x100TX IEC61850 Ed.2 versions ant\u00e9rieures \u00e0 03.27",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SITOP UPS1600 10 A Ethernet/ PROFINET versions ant\u00e9rieures \u00e0 2.5.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "PowerSys versions ant\u00e9rieures \u00e0 3.11",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "ETA4 Ethernet Interface IEC60870-5-104 versions ant\u00e9rieures \u00e0 10.46",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "TIA Administrator versions ant\u00e9rieures \u00e0 3 SP2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "les applications Mendix utilisant Mendix 9 versions ant\u00e9rieures \u00e0 9.24.22",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "ST7 ScadaConnect versions ant\u00e9rieures \u00e0 1.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL versions ant\u00e9rieures \u00e0 2.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Teamcenter Visualization 14.2 toutes versions, aucun correctif n\u0027est disponible",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "les produits SCALANCE, se r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur (cf. section Documentation)",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL versions ant\u00e9rieures \u00e0 2.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "les applications Mendix utilisant Mendix 10.6 versions ant\u00e9rieures \u00e0 10.6.9",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2023-24895",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24895"
},
{
"name": "CVE-2023-49691",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-49691"
},
{
"name": "CVE-2024-35207",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35207"
},
{
"name": "CVE-2023-33135",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33135"
},
{
"name": "CVE-2024-33500",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33500"
},
{
"name": "CVE-2023-35390",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35390"
},
{
"name": "CVE-2023-44317",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44317"
},
{
"name": "CVE-2024-35210",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35210"
},
{
"name": "CVE-2022-4304",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4304"
},
{
"name": "CVE-2023-38380",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38380"
},
{
"name": "CVE-2023-36794",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36794"
},
{
"name": "CVE-2024-36266",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36266"
},
{
"name": "CVE-2023-24897",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24897"
},
{
"name": "CVE-2022-44792",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-44792"
},
{
"name": "CVE-2022-42329",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42329"
},
{
"name": "CVE-2024-35206",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35206"
},
{
"name": "CVE-2023-0215",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0215"
},
{
"name": "CVE-2023-35788",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35788"
},
{
"name": "CVE-2023-0286",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
},
{
"name": "CVE-2023-24936",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24936"
},
{
"name": "CVE-2023-36792",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36792"
},
{
"name": "CVE-2022-3643",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3643"
},
{
"name": "CVE-2022-39189",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39189"
},
{
"name": "CVE-2022-46144",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46144"
},
{
"name": "CVE-2022-3435",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3435"
},
{
"name": "CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"name": "CVE-2024-26277",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26277"
},
{
"name": "CVE-2022-40225",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40225"
},
{
"name": "CVE-2023-0466",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0466"
},
{
"name": "CVE-2023-35828",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35828"
},
{
"name": "CVE-2023-36049",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36049"
},
{
"name": "CVE-2023-0465",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0465"
},
{
"name": "CVE-2022-44793",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-44793"
},
{
"name": "CVE-2024-35211",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35211"
},
{
"name": "CVE-2023-33127",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33127"
},
{
"name": "CVE-2021-47178",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47178"
},
{
"name": "CVE-2022-45919",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45919"
},
{
"name": "CVE-2023-33170",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33170"
},
{
"name": "CVE-2023-33128",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33128"
},
{
"name": "CVE-2023-41910",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41910"
},
{
"name": "CVE-2023-28484",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28484"
},
{
"name": "CVE-2023-28319",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28319"
},
{
"name": "CVE-2022-45886",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45886"
},
{
"name": "CVE-2022-1015",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1015"
},
{
"name": "CVE-2023-27321",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27321"
},
{
"name": "CVE-2024-31484",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-31484"
},
{
"name": "CVE-2023-0464",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0464"
},
{
"name": "CVE-2022-41742",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41742"
},
{
"name": "CVE-2022-3545",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3545"
},
{
"name": "CVE-2023-26552",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26552"
},
{
"name": "CVE-2023-29469",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29469"
},
{
"name": "CVE-2023-0160",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0160"
},
{
"name": "CVE-2024-35212",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35212"
},
{
"name": "CVE-2022-40303",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40303"
},
{
"name": "CVE-2023-21255",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21255"
},
{
"name": "CVE-2024-26275",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26275"
},
{
"name": "CVE-2023-38180",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38180"
},
{
"name": "CVE-2023-35824",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35824"
},
{
"name": "CVE-2024-35209",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35209"
},
{
"name": "CVE-2022-42328",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42328"
},
{
"name": "CVE-2023-35823",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35823"
},
{
"name": "CVE-2023-38178",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38178"
},
{
"name": "CVE-2022-45887",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45887"
},
{
"name": "CVE-2024-0775",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0775"
},
{
"name": "CVE-2023-44319",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44319"
},
{
"name": "CVE-2023-32032",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32032"
},
{
"name": "CVE-2022-4450",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4450"
},
{
"name": "CVE-2023-26554",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26554"
},
{
"name": "CVE-2023-2269",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2269"
},
{
"name": "CVE-2024-35208",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35208"
},
{
"name": "CVE-2024-26276",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26276"
},
{
"name": "CVE-2023-1017",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1017"
},
{
"name": "CVE-2023-38171",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38171"
},
{
"name": "CVE-2023-28260",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28260"
},
{
"name": "CVE-2023-50763",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50763"
},
{
"name": "CVE-2022-3623",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3623"
},
{
"name": "CVE-2022-2097",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2097"
},
{
"name": "CVE-2023-29331",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29331"
},
{
"name": "CVE-2023-44374",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44374"
},
{
"name": "CVE-2023-38533",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38533"
},
{
"name": "CVE-2023-35829",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35829"
},
{
"name": "CVE-2023-36038",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36038"
},
{
"name": "CVE-2023-21808",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21808"
},
{
"name": "CVE-2023-36799",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36799"
},
{
"name": "CVE-2023-36435",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36435"
},
{
"name": "CVE-2023-26553",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26553"
},
{
"name": "CVE-2022-40304",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40304"
},
{
"name": "CVE-2023-35391",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35391"
},
{
"name": "CVE-2023-44373",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44373"
},
{
"name": "CVE-2023-39615",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39615"
},
{
"name": "CVE-2023-36796",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36796"
},
{
"name": "CVE-2023-3446",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3446"
},
{
"name": "CVE-2024-35303",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35303"
},
{
"name": "CVE-2023-5678",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5678"
},
{
"name": "CVE-2024-35292",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35292"
},
{
"name": "CVE-2023-36558",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36558"
},
{
"name": "CVE-2023-2124",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2124"
},
{
"name": "CVE-2023-33126",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33126"
},
{
"name": "CVE-2023-52474",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52474"
},
{
"name": "CVE-2023-44318",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44318"
},
{
"name": "CVE-2023-36793",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36793"
}
],
"initial_release_date": "2024-06-11T00:00:00",
"last_revision_date": "2024-06-11T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0478",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-06-11T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
},
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Siemens. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens",
"vendor_advisories": [
{
"published_at": "2024-06-11",
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-900277",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-900277.html"
},
{
"published_at": "2024-06-11",
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-620338",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-620338.html"
},
{
"published_at": "2024-06-11",
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-540640",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-540640.html"
},
{
"published_at": "2024-06-11",
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-238730",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-238730.html"
},
{
"published_at": "2024-06-11",
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-319319",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-319319.html"
},
{
"published_at": "2024-06-11",
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-879734",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-879734.html"
},
{
"published_at": "2024-06-11",
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-625862",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-625862.html"
},
{
"published_at": "2024-06-11",
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-481506",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-481506.html"
},
{
"published_at": "2024-06-11",
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-024584",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-024584.html"
},
{
"published_at": "2024-06-11",
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-196737",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-196737.html"
},
{
"published_at": "2024-06-11",
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-337522",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-337522.html"
},
{
"published_at": "2024-06-11",
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-341067",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-341067.html"
},
{
"published_at": "2024-06-11",
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-771940",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-771940.html"
},
{
"published_at": "2024-06-11",
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-690517",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-690517.html"
}
]
}
CERTFR-2023-AVI-0828
Vulnerability from certfr_avis - Published: 2023-10-11 - Updated: 2023-10-11
De multiples vulnérabilités ont été corrigées dans Microsoft .Net. Elles permettent à un attaquant de provoquer un déni de service.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |
|---|---|---|---|
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "ASP.NET Core 7.0",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "ASP.NET Core 6.0",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": ".NET 7.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": ".NET 6.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"name": "CVE-2023-38171",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38171"
},
{
"name": "CVE-2023-36435",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36435"
}
],
"initial_release_date": "2023-10-11T00:00:00",
"last_revision_date": "2023-10-11T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-44487 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-38171 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38171"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36435 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36435"
}
],
"reference": "CERTFR-2023-AVI-0828",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-10-11T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMicrosoft .Net\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer un d\u00e9ni de service.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft .Net",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/"
}
]
}
bit-dotnet-2023-38171
Vulnerability from bitnami_vulndb
Published
2024-03-06 10:52
Modified
2025-05-20 10:02
Summary
Microsoft QUIC Denial of Service Vulnerability
Details
Microsoft QUIC Denial of Service Vulnerability
{
"affected": [
{
"package": {
"ecosystem": "Bitnami",
"name": "dotnet",
"purl": "pkg:bitnami/dotnet"
},
"ranges": [
{
"events": [
{
"introduced": "7.0.0"
},
{
"fixed": "7.0.12"
}
],
"type": "SEMVER"
}
],
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
],
"aliases": [
"CVE-2023-38171"
],
"database_specific": {
"cpes": [
"cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*"
],
"severity": "High"
},
"details": "Microsoft QUIC Denial of Service Vulnerability",
"id": "BIT-dotnet-2023-38171",
"modified": "2025-05-20T10:02:07.006Z",
"published": "2024-03-06T10:52:42.705Z",
"references": [
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38171"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38171"
}
],
"schema_version": "1.5.0",
"summary": "Microsoft QUIC Denial of Service Vulnerability"
}
GSD-2023-38171
Vulnerability from gsd - Updated: 2023-12-13 01:20Details
Microsoft QUIC Denial of Service Vulnerability
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2023-38171",
"id": "GSD-2023-38171"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2023-38171"
],
"details": "Microsoft QUIC Denial of Service Vulnerability",
"id": "GSD-2023-38171",
"modified": "2023-12-13T01:20:36.050805Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2023-38171",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Visual Studio 2022 version 17.2",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "17.2.0",
"version_value": "17.2.20"
}
]
}
},
{
"product_name": "Microsoft Visual Studio 2022 version 17.4",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "17.4.0",
"version_value": "17.4.12"
}
]
}
},
{
"product_name": "Microsoft Visual Studio 2022 version 17.6",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "17.6.0",
"version_value": "17.6.8"
}
]
}
},
{
"product_name": "Microsoft Visual Studio 2022 version 17.7",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "17.7.0",
"version_value": "17.7.5"
}
]
}
},
{
"product_name": "Windows Server 2022",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "10.0.0",
"version_value": "10.0.20348.2031"
}
]
}
},
{
"product_name": "Windows 11 version 21H2",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "10.0.0",
"version_value": "10.0.22000.2538"
}
]
}
},
{
"product_name": "Windows 11 version 22H2",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "10.0.0",
"version_value": "10.0.22621.2428"
}
]
}
},
{
"product_name": ".NET 7.0",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "7.0.0",
"version_value": "7.0.12"
}
]
}
},
{
"product_name": "PowerShell 7.3",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "7.3.0",
"version_value": "7.3.9"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft QUIC Denial of Service Vulnerability"
}
]
},
"impact": {
"cvss": [
{
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38171",
"refsource": "MISC",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38171"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "10.0.22621.2428",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "17.2.20",
"versionStartIncluding": "17.2.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "17.4.12",
"versionStartIncluding": "17.4.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "17.6.8",
"versionStartIncluding": "17.6.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "17.7.5",
"versionStartIncluding": "17.7.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "7.0.12",
"versionStartIncluding": "7.0.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2023-38171"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Microsoft QUIC Denial of Service Vulnerability"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38171",
"refsource": "MISC",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38171"
}
]
}
},
"impact": {
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
},
"lastModifiedDate": "2023-10-12T22:19Z",
"publishedDate": "2023-10-10T18:15Z"
}
}
}
FKIE_CVE-2023-38171
Vulnerability from fkie_nvd - Published: 2023-10-10 18:15 - Updated: 2024-11-21 08:13
Severity ?
Summary
Microsoft QUIC Denial of Service Vulnerability
References
| URL | Tags | ||
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38171 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38171 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | .net | * | |
| microsoft | visual_studio_2022 | * | |
| microsoft | visual_studio_2022 | * | |
| microsoft | visual_studio_2022 | * | |
| microsoft | visual_studio_2022 | * | |
| microsoft | windows_11_22h2 | * | |
| microsoft | windows_server_2022 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8DF7ECF6-178D-433C-AA21-BAE9EF248F37",
"versionEndExcluding": "7.0.12",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "721D09CB-C00B-4436-A5DB-4C4E53ECBE5F",
"versionEndExcluding": "17.2.20",
"versionStartIncluding": "17.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22ACD519-DFE4-4BB4-B0F7-9DECF6F7332F",
"versionEndExcluding": "17.4.12",
"versionStartIncluding": "17.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B09DBD5A-9F00-43FF-8B9B-17F286A92402",
"versionEndExcluding": "17.6.8",
"versionStartIncluding": "17.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C561F14F-F4BF-4473-BD01-963A55F87E21",
"versionEndExcluding": "17.7.5",
"versionStartIncluding": "17.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C6A36795-0238-45C9-ABE6-3DCCF751915B",
"versionEndExcluding": "10.0.22621.2428",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*",
"matchCriteriaId": "821614DD-37DD-44E2-A8A4-FE8D23A33C3C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft QUIC Denial of Service Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de denegaci\u00f3n de servicio en Microsoft QUIC"
}
],
"id": "CVE-2023-38171",
"lastModified": "2024-11-21T08:13:00.467",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
},
"published": "2023-10-10T18:15:18.087",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38171"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38171"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…