CVE-2023-21722 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	5 MEDIUM	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
microsoft	CNA	5 MEDIUM				CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C

Base Score

CVSS 3.x

EPSS Score

Percentile: 60%

Affected Products (NVD)

Vendor	Product	Version
microsoft	.net_framework	3.5
microsoft	.net_framework	4.7.2
microsoft	.net_framework	3.5
microsoft	.net_framework	4.8
microsoft	.net_framework	3.5
microsoft	.net_framework	4.8.1
microsoft	.net_framework	3.5
microsoft	.net_framework	3.5.1
microsoft	.net_framework	3.0:sp2
microsoft	.net_framework	2.0:sp2
microsoft	.net_framework	3.5
microsoft	.net_framework	4.6.2
microsoft	.net_framework	4.6.2
microsoft	.net_framework	4.6.2
microsoft	.net_framework	4.7
microsoft	.net_framework	4.7.1
microsoft	.net_framework	4.7.2
microsoft	.net_framework	4.8

𝑥

= Vulnerable software versions

Windows Releases

Platform

Version

Windows 10

(x64, x86)	KB5022858
1607 (x64, x86)	KB5022503
1607 (x64, x86)	KB5022838
1809 (arm64, x64, x64, x86, x86)	KB5022782
20H2 (arm64, arm64, x86, x86)	KB5022727
21H2 (arm64, arm64, x64, x64, x86, x86)	KB5022728
22H2 (arm64, arm64, x64, x64, x86, x86)	KB5022729

Windows 11

21H2 (arm64, arm64, x64, x64)	KB5022730
22H2 (arm64, x64)	KB5022497

Windows Server 2008

Service Pack 2 (x64, x64, x86, x86)	KB5022786
Service Pack 2 Server Core (x64, x86)	KB5022786

Windows Server 2008 R2

Service Pack 1 (x64, x64, x64)	KB5022783
Service Pack 1 Server Core (x64, x64, x64)	KB5022783

Windows Server 2012

Server Core	KB5022784
Standard	KB5022784

Windows Server 2012 R2

Server Core	KB5022785
Standard	KB5022785

Windows Server 2016

Server Core	KB5022838
Server Core	KB5022503
Standard	KB5022838
Standard	KB5022503

Windows Server 2019

Server Core	KB5022782
Standard	KB5022782

Windows Server 2022

Server Core	KB5022735
Standard	KB5022735

Ubuntu Releases

Ubuntu Product

Codename

dotnet6

bionic	dne
focal	dne
jammy	not-affected
kinetic	ignored
lunar	not-affected
trusty	ignored
xenial	ignored

Common Weakness Enumeration

CWE-59 - Improper Link Resolution Before File Access ('Link Following')
The software attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21722

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21722