CVE-2023-24856 : Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulner

Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability

Published 2023-03-14 17:15:16

Updated 2024-05-29 04:15:22

Source Microsoft Corporation

View at NVD, CVE.org

Vulnerability category: Information leak

Products affected by CVE-2023-24856

Microsoft » Windows Server 2012 » Version: N/A
cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2012 » Version: R2
cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows 10
Versions before (<) 10.0.10240.19805
cpe:2.3:o:microsoft:windows_10:*:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2016 » Version: N/A
cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2019 » Version: N/A
cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2022 » Version: N/A
cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows 11 21h2
Versions before (<) 10.0.22000.1696
cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows 11 22h2
Versions before (<) 10.0.22000.1413
cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows 10 1607
Versions before (<) 10.0.14393.5786
cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows 10 1809
Versions before (<) 10.0.17763.4131
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows 10 21h2
Versions before (<) 10.0.19044.2728
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows 10 20h2
Versions before (<) 10.0.19042.2728
cpe:2.3:o:microsoft:windows_10_20h2:*:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows 10 22h2
Versions before (<) 10.0.19045.2728
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2023-24856

EPSS FAQ

5.84%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 90 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2023-24856

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	3.9	3.6	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: None Availability: None
6.5	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N	2.8	3.6	Microsoft Corporation	2024-05-28
Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: None Availability: None
7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	3.9	3.6	Microsoft Corporation
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: None Availability: None

CWE ids for CVE-2023-24856

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Assigned by: secure@microsoft.com (Secondary)

References for CVE-2023-24856

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24856

CVE-2023-24856 - Security Update Guide - Microsoft - Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability
Patch;Vendor Advisory

Jump to

Vulnerability Details : CVE-2023-24856

Products affected by CVE-2023-24856

Exploit prediction scoring system (EPSS) score for CVE-2023-24856

CVSS scores for CVE-2023-24856

CWE ids for CVE-2023-24856

References for CVE-2023-24856