cbcvebase.
CVE-2023-23392
published 2023-03-14

CVE-2023-23392: HTTP Protocol Stack Remote Code Execution Vulnerability

PriorityP261critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
1.67%
73.9th percentile
HTTP Protocol Stack Remote Code Execution Vulnerability

Affected

10 ranges
VendorProductVersion rangeFixed in
microsoftwindows_11_21h2< 10.0.22000.169610.0.22000.1696
microsoftwindows_11_22h2< 10.0.22000.141310.0.22000.1413
microsoftwindows_11_version_21h2>= 10.0.0 < 10.0.22000.169610.0.22000.1696
microsoftwindows_11_version_22h2>= 10.0.22621.0 < 10.0.22621.141310.0.22621.1413
microsoftwindows_server_2022>= 10.0.20348.0 < 10.0.20348.160710.0.20348.1607
msrcwindows_11_version_21h2_for_arm64-based_systems
msrcwindows_11_version_21h2_for_x64-based_systems
msrcwindows_11_version_22h2_for_arm64-based_systems
msrcwindows_11_version_22h2_for_x64-based_systems
msrcwindows_server_2022

Detection & IOCsextracted from sources · hover to see the quote

  • Target attack vector: unauthenticated attacker sends a specially crafted packet to a server using HTTP Protocol Stack (http.sys)
  • Vulnerability is only exploitable when HTTP/3 is enabled on the binding AND the server uses buffered I/O — focus detection on servers with this configuration
  • ·HTTP/3 support is enabled via a registry key on Windows Server 2022; servers without this registry key enabled are NOT vulnerable — scope detection accordingly
  • ·Exploitation assessed as 'More Likely' for latest software release; no public exploit or in-the-wild exploitation confirmed at time of advisory

CVSS provenance

nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vendor_msrc9.8CRITICAL
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.