CVE-2023-35387
published 2023-08-08CVE-2023-35387: Windows Bluetooth A2DP driver Elevation of Privilege Vulnerability
PriorityP342high8.8CVSS 3.1
AVAACLPRNUIRSCCHIHAH
EPSS
1.19%
63.9th percentile
Windows Bluetooth A2DP driver Elevation of Privilege Vulnerability
Affected
31 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_10_1507 | < 10.0.10240.20107 | 10.0.10240.20107 |
| microsoft | windows_10_1607 | < 10.0.14393.6167 | 10.0.14393.6167 |
| microsoft | windows_10_1809 | < 10.0.17763.4737 | 10.0.17763.4737 |
| microsoft | windows_10_21h2 | < 10.0.19044.3324 | 10.0.19044.3324 |
| microsoft | windows_10_22h2 | < 10.0.19045.3324 | 10.0.19045.3324 |
| microsoft | windows_10_version_1507 | >= 10.0.10240.0 < 10.0.10240.20107 | 10.0.10240.20107 |
| microsoft | windows_10_version_1607 | >= 10.0.14393.0 < 10.0.14393.6167 | 10.0.14393.6167 |
| microsoft | windows_10_version_1809 | >= 10.0.0 < 10.0.17763.4737 | 10.0.17763.4737 |
| microsoft | windows_10_version_1809 | >= 10.0.17763.0 < 10.0.17763.4737 | 10.0.17763.4737 |
| microsoft | windows_10_version_21h2 | >= 10.0.19043.0 < 10.0.19044.3324 | 10.0.19044.3324 |
| microsoft | windows_10_version_22h2 | >= 10.0.19045.0 < 10.0.19045.3324 | 10.0.19045.3324 |
| microsoft | windows_11_21h2 | < 10.0.22000.2295 | 10.0.22000.2295 |
| microsoft | windows_11_22h2 | < 10.0.22621.2134 | 10.0.22621.2134 |
| microsoft | windows_11_version_21h2 | >= 10.0.0 < 10.0.22000.2295 | 10.0.22000.2295 |
| microsoft | windows_11_version_22h2 | >= 10.0.22621.0 < 10.0.22621.2134 | 10.0.22621.2134 |
| microsoft | windows_server_2012 | — | — |
| microsoft | windows_server_2012 | >= 6.2.9200.0 < 6.2.9200.24414 | 6.2.9200.24414 |
| microsoft | windows_server_2012_r2 | >= 6.3.9600.0 < 6.3.9600.21503 | 6.3.9600.21503 |
| microsoft | windows_server_2016 | >= 10.0.14393.0 < 10.0.14393.6167 | 10.0.14393.6167 |
| microsoft | windows_server_2019 | >= 10.0.17763.0 < 10.0.17763.4737 | 10.0.17763.4737 |
| msrc | windows_10 | — | — |
| msrc | windows_10_version_1607 | — | — |
| msrc | windows_10_version_1809 | — | — |
| msrc | windows_10_version_21h2 | — | — |
| msrc | windows_10_version_22h2 | — | — |
CVSS provenance
nvdv3.18.8HIGHCVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
vendor_msrc8.8HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Microsoft
Windows Bluetooth A2DP driver Elevation of Privilege Vulnerability
vendor_msrc·2023-08-08·CVSS 8.8
CVE-2023-35387 [HIGH] CWE-191 Windows Bluetooth A2DP driver Elevation of Privilege Vulnerability
Windows Bluetooth A2DP driver Elevation of Privilege Vulnerability
FAQ: According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires that an attacker will need to first gain access to the restricted network before running an attack.
FAQ: How could an attacker exploit this vulnerability?
An authorized attacker could exploit the Windows Bluetooth driver vulnerability by programmatically running certain functions that could lead to elevation of privilege on the Bluetooth component.
FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability?
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
FAQ: According to t
GHSA
GHSA-r3h2-76p7-jwr7: Windows Bluetooth A2DP driver Elevation of Privilege Vulnerability
ghsa_unreviewed·2023-08-08
CVE-2023-35387 [HIGH] GHSA-r3h2-76p7-jwr7: Windows Bluetooth A2DP driver Elevation of Privilege Vulnerability
Windows Bluetooth A2DP driver Elevation of Privilege Vulnerability
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2023-08-08
Published