CVE-2023-29335 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
microsoft	CNA	7.5 HIGH	NETWORK	HIGH	NONE	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 69%

Affected Products (NVD)

Vendor	Product	Version
microsoft	windows_10_1507	𝑥 < 10.0.10240.19926
microsoft	windows_10_1607	𝑥 < 10.0.14393.5921
microsoft	windows_10_1809	𝑥 < 10.0.17763.4377
microsoft	windows_10_20h2	𝑥 < 10.0.19042.2965
microsoft	windows_10_21h2	𝑥 < 10.0.19044.2965
microsoft	windows_10_22h2	𝑥 < 10.0.19045.2965
microsoft	windows_11_21h2	𝑥 < 10.0.22000.1936
microsoft	windows_11_22h2	𝑥 < 10.0.22000.1702
microsoft	windows_server_2008	-
microsoft	windows_server_2012	-
microsoft	windows_server_2016	-
microsoft	windows_server_2022	-
microsoft	365_apps	-
microsoft	365_apps	𝑥 < 2304
microsoft	office	𝑥 < 2304

𝑥

= Vulnerable software versions

Early Detection

Affected products identified ahead of NVD analysis through intelligence sources.

Vendor	Product	Version	Source
microsoft	office_2019	16.0.1 ≤ 𝑥 < 16.0.5395.1000	CNA
microsoft	office_2019	15.0.1 ≤ 𝑥 < 15.0.5553.1000	CNA

Common Weakness Enumeration

CWE-20 - Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29335

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29335