CVE-2023-21559 : Windows Cryptographic Information Disclosure Vulnerability

Windows Cryptographic Information Disclosure Vulnerability

Published 2023-01-10 22:15:16

Updated 2024-05-29 03:15:17

Source Microsoft Corporation

View at NVD, CVE.org

Vulnerability category: Information leak

Products affected by CVE-2023-21559

Microsoft » Windows Server 2019 » Version: N/A
cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2022 » Version: N/A
cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows 11 21h2 » Version: N/A For Arm64
cpe:2.3:o:microsoft:windows_11_21h2:-:*:*:*:*:*:arm64:*
Matching versions
Microsoft » Windows 11 21h2 » Version: N/A For X64
cpe:2.3:o:microsoft:windows_11_21h2:-:*:*:*:*:*:x64:*
Matching versions
Microsoft » Windows 11 22h2 » Version: N/A For Arm64
cpe:2.3:o:microsoft:windows_11_22h2:-:*:*:*:*:*:arm64:*
Matching versions
Microsoft » Windows 10 1809 » Version: N/A For X64
cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:x64:*
Matching versions
Microsoft » Windows 10 1809 » Version: N/A For Arm64
cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:arm64:*
Matching versions
Microsoft » Windows 10 1809 » Version: N/A For X86
cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:x86:*
Matching versions
Microsoft » Windows 10 21h2 » Version: N/A For X64
cpe:2.3:o:microsoft:windows_10_21h2:-:*:*:*:*:*:x64:*
Matching versions
Microsoft » Windows 10 21h2 » Version: N/A For Arm64
cpe:2.3:o:microsoft:windows_10_21h2:-:*:*:*:*:*:arm64:*
Matching versions
Microsoft » Windows 10 21h2 » Version: N/A For X86
cpe:2.3:o:microsoft:windows_10_21h2:-:*:*:*:*:*:x86:*
Matching versions
Microsoft » Windows 10 20h2 » Version: N/A For X64
cpe:2.3:o:microsoft:windows_10_20h2:-:*:*:*:*:*:x64:*
Matching versions
Microsoft » Windows 10 20h2 » Version: N/A For Arm64
cpe:2.3:o:microsoft:windows_10_20h2:-:*:*:*:*:*:arm64:*
Matching versions
Microsoft » Windows 10 20h2 » Version: N/A For X86
cpe:2.3:o:microsoft:windows_10_20h2:-:*:*:*:*:*:x86:*
Matching versions
Microsoft » Windows 10 22h2 » Version: N/A For X64
cpe:2.3:o:microsoft:windows_10_22h2:-:*:*:*:*:*:x64:*
Matching versions
Microsoft » Windows 10 22h2 » Version: N/A For Arm64
cpe:2.3:o:microsoft:windows_10_22h2:-:*:*:*:*:*:arm64:*
Matching versions
Microsoft » Windows 10 22h2 » Version: N/A For X86
cpe:2.3:o:microsoft:windows_10_22h2:-:*:*:*:*:*:x86:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2023-21559

EPSS FAQ

1.62%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 80 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2023-21559

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.5	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N	1.8	3.6	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: None Availability: None
5.5	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N	1.8	3.6	Microsoft Corporation
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: None Availability: None

CWE ids for CVE-2023-21559

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Assigned by: secure@microsoft.com (Secondary)

References for CVE-2023-21559

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21559

CVE-2023-21559 - Security Update Guide - Microsoft - Windows Cryptographic Information Disclosure Vulnerability

Jump to

Vulnerability Details : CVE-2023-21559

Products affected by CVE-2023-21559

Exploit prediction scoring system (EPSS) score for CVE-2023-21559

CVSS scores for CVE-2023-21559

CWE ids for CVE-2023-21559

References for CVE-2023-21559