CVE-2023-35299
published 2023-07-11CVE-2023-35299: Windows Common Log File System Driver Elevation of Privilege Vulnerability
PriorityP340high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
EPSS
0.41%
32.2th percentile
Windows Common Log File System Driver Elevation of Privilege Vulnerability
Affected
38 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_10_1507 | < 10.0.10240.20048 | 10.0.10240.20048 |
| microsoft | windows_10_1607 | < 10.0.14393.6085 | 10.0.14393.6085 |
| microsoft | windows_10_1809 | < 10.0.17763.4645 | 10.0.17763.4645 |
| microsoft | windows_10_21h2 | < 10.0.19041.3208 | 10.0.19041.3208 |
| microsoft | windows_10_22h2 | < 10.0.19045.3208 | 10.0.19045.3208 |
| microsoft | windows_10_version_1507 | >= 10.0.10240.0 < 10.0.10240.20048 | 10.0.10240.20048 |
| microsoft | windows_10_version_1607 | >= 10.0.14393.0 < 10.0.14393.6085 | 10.0.14393.6085 |
| microsoft | windows_10_version_1809 | >= 10.0.0 < 10.0.17763.4645 | 10.0.17763.4645 |
| microsoft | windows_10_version_1809 | >= 10.0.17763.0 < 10.0.17763.4645 | 10.0.17763.4645 |
| microsoft | windows_10_version_21h2 | >= 10.0.19043.0 < 10.0.19044.3208 | 10.0.19044.3208 |
| microsoft | windows_10_version_22h2 | >= 10.0.19045.0 < 10.0.19045.3208 | 10.0.19045.3208 |
| microsoft | windows_11_21h2 | < 10.0.22000.2176 | 10.0.22000.2176 |
| microsoft | windows_11_22h2 | < 10.0.22621.1992 | 10.0.22621.1992 |
| microsoft | windows_11_version_21h2 | >= 10.0.0 < 10.0.22000.2176 | 10.0.22000.2176 |
| microsoft | windows_11_version_22h2 | >= 10.0.22621.0 < 10.0.22621.1992 | 10.0.22621.1992 |
| microsoft | windows_server_2008 | — | — |
| microsoft | windows_server_2008_r2_service_pack_1 | >= 6.1.7601.0 < 6.1.7601.26623 | 6.1.7601.26623 |
| microsoft | windows_server_2008_service_pack_2 | >= 6.0.6003.0 < 6.0.6003.22175 | 6.0.6003.22175 |
| microsoft | windows_server_2012 | — | — |
| microsoft | windows_server_2012 | >= 6.2.9200.0 < 6.2.9200.24374 | 6.2.9200.24374 |
| microsoft | windows_server_2012_r2 | >= 6.3.9600.0 < 6.3.9600.21063 | 6.3.9600.21063 |
| microsoft | windows_server_2016 | >= 10.0.14393.0 < 10.0.14393.6085 | 10.0.14393.6085 |
| microsoft | windows_server_2019 | >= 10.0.17763.0 < 10.0.17763.4645 | 10.0.17763.4645 |
| microsoft | windows_server_2022 | >= 10.0.20348.0 < 10.0.20348.1850 | 10.0.20348.1850 |
| msrc | windows_10 | — | — |
CVSS provenance
nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
vendor_msrc7.8HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-868r-pqhj-vm2g: Windows Common Log File System Driver Elevation of Privilege Vulnerability
ghsa_unreviewed·2023-07-11
CVE-2023-35299 [HIGH] GHSA-868r-pqhj-vm2g: Windows Common Log File System Driver Elevation of Privilege Vulnerability
Windows Common Log File System Driver Elevation of Privilege Vulnerability
Microsoft
Windows Common Log File System Driver Elevation of Privilege Vulnerability
vendor_msrc·2023-07-11·CVSS 7.8
CVE-2023-35299 [HIGH] CWE-125 Windows Common Log File System Driver Elevation of Privilege Vulnerability
Windows Common Log File System Driver Elevation of Privilege Vulnerability
FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability?
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Windows Common Log File System Driver: Windows Common Log File System Driver
Microsoft: Microsoft
Customer Action Required: Yes
Impact: Elevation of Privilege
Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A
Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028168
Reference: https://support.microsoft.com/help/5028168
Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5028171
Reference: https://support.microsoft.com/help/5
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2023-07-11
Published