CVE-2023-35630

EUVD-2023-39630
Internet Connection Sharing (ICS) Remote Code Execution Vulnerability
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
ADJACENT_NETWORK
LOW
NONE
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
microsoftCNA
8.8 HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 85%
Affected Products (NVD)
VendorProductVersion
microsoftwindows_10_1507
𝑥
< 10.0.10240.20345
microsoftwindows_10_1607
𝑥
< 10.0.14393.6529
microsoftwindows_10_1809
𝑥
< 10.0.17763.5206
microsoftwindows_10_21h2
𝑥
< 10.0.19041.3803
microsoftwindows_10_22h2
𝑥
< 10.0.19045.3803
microsoftwindows_11_21h2
𝑥
< 10.0.22000.2652
microsoftwindows_11_22h2
𝑥
< 10.0.22621.2861
microsoftwindows_11_23h2
𝑥
< 10.0.22631.2861
microsoftwindows_server_2008
-
microsoftwindows_server_2012
-
microsoftwindows_server_2016
-
microsoftwindows_server_2019
-
microsoftwindows_server_2022
-
microsoftwindows_server_2022_23h2
𝑥
< 10.0.25398.584
𝑥
= Vulnerable software versions
Windows Releases
Platform
Version
Windows 10
(x64, x86)
KB5033379
1607 (x64, x86)
KB5033373
1809 (arm64, x64, x86)
KB5033371
21H2 (arm64, x64, x86)
KB5033372
22H2 (arm64, x64, x86)
KB5033372
Windows 11
21H2 (arm64, x64)
KB5033369
22H2 (arm64, x64)
KB5033375
23H2 (arm64, x64)
KB5033375
Windows Server 2008
Service Pack 2 (x64, x86)
KB5033427
Service Pack 2 Server Core (x64, x86)
KB5033427
Windows Server 2008 R2
Service Pack 1 (x64)
KB5033433
Service Pack 1 Server Core (x64)
KB5033433
Windows Server 2012
Server Core
KB5033429
Standard
KB5033429
Windows Server 2012 R2
Server Core
KB5033420
Standard
KB5033420
Windows Server 2016
Server Core
KB5033373
Standard
KB5033373
Windows Server 2019
Server Core
KB5033371
Standard
KB5033371
Windows Server 2022
23H2 Server Core
KB5033383
Server Core
KB5033464
Standard
KB5033464
Common Weakness Enumeration
References
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35630
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35630