Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2023-21752

CWE-284Improper Access Control5 documents5 sources
Severity
7.1HIGH
EPSS
52.0%
top 2.09%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
12
Microsoft Windows 10 Version 1507Microsoft Windows 10 Version 1607Microsoft Windows 10 Version 1809+9 more
Timeline
PublishedJan 10
Latest updateApr 3

Description

Windows Backup Service Elevation of Privilege Vulnerability

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:HExploitability: 1.8 | Impact: 5.2

Affected Packages12 packages

CVEListV5microsoft/windows_7_service_pack_16.1.06.1.7601.26321
CVEListV5microsoft/windows_76.1.06.1.7601.26321
CVEListV5microsoft/windows_10_version_150710.0.10240.010.0.10240.19685
CVEListV5microsoft/windows_10_version_160710.0.14393.010.0.14393.5648
CVEListV5microsoft/windows_10_version_180910.0.17763.010.0.17763.3887+1

🔴Vulnerability Details

2
GHSA
GHSA-4v5x-38hq-2rvf: Windows Backup Service Elevation of Privilege Vulnerability2023-01-11
CVEList
Windows Backup Service Elevation of Privilege Vulnerability2023-01-10

💥Exploits & PoCs

1
Exploit-DB
Windows 11 10.0.22000 - Backup service Privilege Escalation2023-04-03

📋Vendor Advisories

1
Microsoft
Windows Backup Service Elevation of Privilege Vulnerability2023-01-10