Vulnerability Details : CVE-2023-34367

Windows 7 is vulnerable to a full blind TCP/IP hijacking attack. The vulnerability exists in Windows 7 (any Windows until Windows 8) and in any implementation of TCP/IP, which is vulnerable to the Idle scan attack (including many IoT devices). NOTE: The vendor considers this a low severity issue.

Vulnerability category: BypassGain privilege

Published 2023-06-14 20:15:10

Updated 2023-06-30 21:13:38

Source MITRE

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2023-34367

Probability of exploitation activity in the next 30 days: 0.27%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 64 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2023-34367

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Source
6.5	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N	3.9	2.5	nvd@nist.gov
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: Low Integrity: Low Availability: None

CWE ids for CVE-2023-34367

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2023-34367

https://portswigger.net/daily-swig/blind-tcp-ip-hijacking-is-resurrected-for-windows-7

Blind TCP/IP hijacking is resurrected for Windows 7 | The Daily Swig
Exploit;Technical Description
https://pwnies.com/windows-7-blind-tcp-ip-hijacking/

Windows 7 blind TCP/IP Hijacking – Pwnies
Third Party Advisory
http://blog.pi3.com.pl/?p=850

Windows 7 TCP/IP hijacking : pi3 blog
Exploit;Technical Description;Third Party Advisory

Products affected by CVE-2023-34367

Microsoft » Windows 7 » Version: N/A
cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*
Matching versions