CVE-2023-28267

EUVD-2023-31974
Remote Desktop Protocol Client Information Disclosure Vulnerability
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
microsoftCNA
6.5 MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 75%
Affected Products (NVD)
VendorProductVersion
microsoftremote_desktop_client
𝑥
< 1.2.4157
microsoftwindows_10_1507
𝑥
< 10.0.10240.19869
microsoftwindows_10_1607
𝑥
< 10.0.14393.5850
microsoftwindows_10_1809
𝑥
< 10.0.17763.4252
microsoftwindows_10_20h2
𝑥
< 10.0.19042.2846
microsoftwindows_10_21h2
𝑥
< 10.0.19044.2846
microsoftwindows_10_22h2
𝑥
< 10.0.19045.2846
microsoftwindows_11_21h2
𝑥
< 10.0.22000.1817
microsoftwindows_11_22h2
𝑥
< 10.0.22621.1555
microsoftwindows_server_2008
-
microsoftwindows_server_2012
-
microsoftwindows_server_2016
-
microsoftwindows_server_2019
-
microsoftwindows_server_2022
-
𝑥
= Vulnerable software versions
Windows Releases
Platform
Version
Windows 10
(x64, x86)
KB5025234
1607 (x64, x86)
KB5025228
1809 (arm64, x64, x86)
KB5025229
20H2 (arm64, x86)
KB5025221
21H2 (arm64, x64, x86)
KB5025221
22H2 (arm64, x64, x86)
KB5025221
Windows 11
21H2 (arm64, x64)
KB5025224
22H2 (arm64, x64)
KB5025239
Windows Server 2008 R2
Service Pack 1 (x64)
KB5025279
Service Pack 1 Server Core (x64)
KB5025279
Windows Server 2012
Server Core
KB5025287
Standard
KB5025287
Windows Server 2012 R2
Server Core
KB5025288
Standard
KB5025288
Windows Server 2016
Server Core
KB5025228
Standard
KB5025228
Windows Server 2019
Server Core
KB5025229
Standard
KB5025229
Windows Server 2022
Server Core
KB5025230
Standard
KB5025230
Common Weakness Enumeration
References
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28267
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28267