CVE-2023-28238 : Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vu

Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability

Published 2023-04-11 21:15:24

Updated 2024-05-29 02:15:29

Source Microsoft Corporation

View at NVD, CVE.org

Vulnerability category: Execute code

Products affected by CVE-2023-28238

Microsoft » Windows Server 2008 » Version: R2 Update SP1 For X64
cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*
Matching versions
Microsoft » Windows Server 2012 » Version: N/A
cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2012 » Version: R2
cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2016 » Version: N/A
cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2019 » Version: N/A
cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2022 » Version: N/A
cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows 11 21h2
Versions before (<) 10.0.22000.1817
cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows 11 22h2
Versions before (<) 10.0.22621.1555
cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows 10 1607
Versions before (<) 10.0.14393.5850
cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows 10 1809
Versions before (<) 10.0.17763.4252
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows 10 21h2
Versions before (<) 10.0.19044.2846
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows 10 20h2
Versions before (<) 10.0.19042.2846
cpe:2.3:o:microsoft:windows_10_20h2:*:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows 10 22h2
Versions before (<) 10.0.19045.2846
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows 10 1507
Versions before (<) 10.0.10240.19869
cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2023-28238

EPSS FAQ

0.74%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 72 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2023-28238

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
7.5	HIGH	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H	1.6	5.9	Microsoft Corporation
Attack Vector: Network Attack Complexity: High Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2023-28238

CWE-591 Sensitive Data Storage in Improperly Locked Memory

The product stores sensitive data in memory that is not locked, or that has been incorrectly locked, which might cause the memory to be written to swap files on disk by the virtual memory manager. This can make the data more accessible to external actors.

Assigned by: secure@microsoft.com (Secondary)

References for CVE-2023-28238

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28238

CVE-2023-28238 - Security Update Guide - Microsoft - Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability
Mitigation;Patch;Vendor Advisory

Jump to

Vulnerability Details : CVE-2023-28238

Products affected by CVE-2023-28238

Exploit prediction scoring system (EPSS) score for CVE-2023-28238

CVSS scores for CVE-2023-28238

CWE ids for CVE-2023-28238

References for CVE-2023-28238