CVE-2023-24941 - OpenCVE

Windows Network File System Remote Code Execution Vulnerability

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Microsoft	Windows Server 2022 Windows Server 2019 Windows Server 2012 Windows Server 2016

Configuration 1 [-]

OR	cpe:2.3:o:microsoft:windows_server_2012:-:::::::*
	cpe:2.3:o:microsoft:windows_server_2012:r2:::::::*
	cpe:2.3:o:microsoft:windows_server_2016:-:::::::*
	cpe:2.3:o:microsoft:windows_server_2019:-:::::::*
	cpe:2.3:o:microsoft:windows_server_2022:-:::::::*

References

Link	Resource
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24941	Mitigation Patch Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: microsoft

Published: 2023-05-09T17:02:53.781Z

Updated: 2024-05-29T01:50:41.943Z

Reserved: 2023-01-31T20:37:47.258Z

Link: CVE-2023-24941

JSON object: View

NVD Information

Status : Modified

Published: 2023-05-09T18:15:12.587

Modified: 2024-05-29T02:15:23.260

Link: CVE-2023-24941

JSON object: View

Redhat Information

No data.

CWE

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-24941", "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "state": "PUBLISHED", "assignerShortName": "microsoft", "dateReserved": "2023-01-31T20:37:47.258Z", "datePublished": "2023-05-09T17:02:53.781Z", "dateUpdated": "2024-05-29T01:50:41.943Z"}, "containers": {"cna": {"title": "Windows Network File System Remote Code Execution Vulnerability", "datePublic": "2023-05-09T07:00:00+00:00", "affected": [{"vendor": "Microsoft", "product": "Windows Server 2019", "cpes": ["cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.4377:*:*:*:*:*:*:*"], "platforms": ["x64-based Systems"], "versions": [{"version": "10.0.0", "lessThan": "10.0.17763.4377", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Windows Server 2019 (Server Core installation)", "cpes": ["cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.4377:*:*:*:*:*:*:*"], "platforms": ["x64-based Systems"], "versions": [{"version": "10.0.0", "lessThan": "10.0.17763.4377", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Windows Server 2022", "cpes": ["cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1726:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1724:*:*:*:*:*:*:*"], "platforms": ["x64-based Systems"], "versions": [{"version": "10.0.0", "lessThan": "10.0.20348.1726", "versionType": "custom", "status": "affected"}, {"version": "10.0.0", "lessThan": "10.0.20348.1724", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Windows Server 2016", "cpes": ["cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.5921:*:*:*:*:*:*:*"], "platforms": ["x64-based Systems"], "versions": [{"version": "10.0.0", "lessThan": "10.0.14393.5921", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Windows Server 2016 (Server Core installation)", "cpes": ["cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.5921:*:*:*:*:*:*:*"], "platforms": ["x64-based Systems"], "versions": [{"version": "10.0.0", "lessThan": "10.0.14393.5921", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Windows Server 2012", "cpes": ["cpe:2.3:o:microsoft:windows_server_2012:6.2.9200.24266:*:*:*:*:*:x64:*"], "platforms": ["x64-based Systems"], "versions": [{"version": "6.2.0", "lessThan": "6.2.9200.24266", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Windows Server 2012 (Server Core installation)", "cpes": ["cpe:2.3:o:microsoft:windows_server_2012:6.2.9200.24266:*:*:*:*:*:x64:*"], "platforms": ["x64-based Systems"], "versions": [{"version": "6.2.0", "lessThan": "6.2.9200.24266", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Windows Server 2012 R2", "cpes": ["cpe:2.3:o:microsoft:windows_server_2012_R2:6.3.9600.20969:*:*:*:*:*:x64:*"], "platforms": ["x64-based Systems"], "versions": [{"version": "6.3.0", "lessThan": "6.3.9600.20969", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Windows Server 2012 R2 (Server Core installation)", "cpes": ["cpe:2.3:o:microsoft:windows_server_2012_R2:6.3.9600.20969:*:*:*:*:*:x64:*"], "platforms": ["x64-based Systems"], "versions": [{"version": "6.3.0", "lessThan": "6.3.9600.20969", "versionType": "custom", "status": "affected"}]}], "descriptions": [{"value": "Windows Network File System Remote Code Execution Vulnerability", "lang": "en-US"}], "problemTypes": [{"descriptions": [{"description": "CWE-908: Use of Uninitialized Resource", "lang": "en-US", "type": "CWE", "cweId": "CWE-908"}]}], "providerMetadata": {"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft", "dateUpdated": "2024-05-29T01:50:41.943Z"}, "references": [{"name": "Windows Network File System Remote Code Execution Vulnerability", "tags": ["vendor-advisory"], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24941"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "baseSeverity": "CRITICAL", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C"}}]}}}