cbcvebase.
CVE-2023-21547
published 2023-01-10

CVE-2023-21547: Internet Key Exchange (IKE) Protocol Denial of Service Vulnerability

PriorityP354high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
EPSS
88.23%
99.7th percentile
Internet Key Exchange (IKE) Protocol Denial of Service Vulnerability

Affected

23 ranges
VendorProductVersion rangeFixed in
microsoftwindows_10_version_1507>= 10.0.10240.0 < 10.0.10240.1968510.0.10240.19685
microsoftwindows_10_version_1607>= 10.0.14393.0 < 10.0.14393.564810.0.14393.5648
microsoftwindows_10_version_1809>= 10.0.0 < 10.0.17763.388710.0.17763.3887
microsoftwindows_10_version_1809>= 10.0.17763.0 < 10.0.17763.388710.0.17763.3887
microsoftwindows_10_version_20h2>= 10.0.0 < 10.0.19042.248610.0.19042.2486
microsoftwindows_10_version_21h2>= 10.0.19043.0 < 10.0.19044.248610.0.19044.2486
microsoftwindows_10_version_22h2>= 10.0.19045.0 < 10.0.19045.248610.0.19045.2486
microsoftwindows_11_version_21h2>= 10.0.0 < 10.0.22000.145510.0.22000.1455
microsoftwindows_11_version_22h2>= 10.0.22621.0 < 10.0.22621.110510.0.22621.1105
microsoftwindows_server_2016>= 10.0.14393.0 < 10.0.14393.564810.0.14393.5648
microsoftwindows_server_2019>= 10.0.17763.0 < 10.0.17763.388710.0.17763.3887
microsoftwindows_server_2022>= 10.0.20348.0 < 10.0.20348.148710.0.20348.1487
msrcwindows_10
msrcwindows_10_version_1607
msrcwindows_10_version_1809
msrcwindows_10_version_20h2
msrcwindows_10_version_21h2
msrcwindows_10_version_22h2
msrcwindows_11_version_21h2
msrcwindows_11_version_22h2
msrcwindows_server_2016
msrcwindows_server_2019
msrcwindows_server_2022

Detection & IOCsextracted from sources · hover to see the quote

  • ·No active exploitation or public proof-of-concept reported; Microsoft rates exploitation as 'Less Likely' for latest software release.
  • ·Affected component is the Windows Internet Key Exchange (IKE) Protocol stack; customer action (patching) is required.
  • ·Impact is Denial of Service against the IKE protocol service.

CVSS provenance

nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
vendor_msrc7.5HIGH
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.