Vulnerability Details : CVE-2023-28252
Public exploit exists!
Used for ransomware!
Windows Common Log File System Driver Elevation of Privilege Vulnerability
Vulnerability category: Gain privilege
CVE-2023-28252 is in the CISA Known Exploited Vulnerabilities Catalog
This issue is known to have been leveraged as part of a ransomware campaign.
CISA vulnerability name:
Microsoft Windows Common Log File System (CLFS) Driver Privilege Escalation Vulnerability
CISA required action:
Apply updates per vendor instructions.
CISA description:
Microsoft Windows Common Log File System (CLFS) driver contains an unspecified vulnerability that allows for privilege escalation.
Notes:
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-28252; https://nvd.nist.gov/vuln/detail/CVE-2023-28252
Added on
2023-04-11
Action due date
2023-05-02
Exploit prediction scoring system (EPSS) score for CVE-2023-28252
1.63%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 88 %
Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2023-28252
-
Windows Common Log File System Driver (clfs.sys) Elevation of Privilege Vulnerability
Disclosure Date: 2023-04-11First seen: 2023-10-08exploit/windows/local/cve_2023_28252_clfs_driverA privilege escalation vulnerability exists in the clfs.sys driver which comes installed by default on Windows 10 21H2, Windows 11 21H2 and Windows Server 20348 operating systems. The clfs.sys driver contains a function CreateLogFile that is used to create
CVSS scores for CVE-2023-28252
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.8
|
HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
1.8
|
5.9
|
Microsoft Corporation |
CWE ids for CVE-2023-28252
-
A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().Assigned by: secure@microsoft.com (Secondary)
-
The product writes data past the end, or before the beginning, of the intended buffer.Assigned by: nvd@nist.gov (Primary)
References for CVE-2023-28252
-
http://packetstormsecurity.com/files/174668/Windows-Common-Log-File-System-Driver-clfs.sys-Privilege-Escalation.html
Windows Common Log File System Driver (clfs.sys) Privilege Escalation ≈ Packet StormExploit;Third Party Advisory;VDB Entry
-
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28252
CVE-2023-28252 - Security Update Guide - Microsoft - Windows Common Log File System Driver Elevation of Privilege VulnerabilityPatch;Vendor Advisory
Products affected by CVE-2023-28252
- cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*
- cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_10_20h2:*:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*