Vulnerability Details : CVE-2023-34367
Windows 7 is vulnerable to a full blind TCP/IP hijacking attack. The vulnerability exists in Windows 7 (any Windows until Windows 8) and in any implementation of TCP/IP, which is vulnerable to the Idle scan attack (including many IoT devices). NOTE: The vendor considers this a low severity issue.
Vulnerability category: BypassGain privilege
Products affected by CVE-2023-34367
- cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-34367
0.41%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 75 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-34367
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.5
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N |
3.9
|
2.5
|
NIST |
CWE ids for CVE-2023-34367
-
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.Assigned by: nvd@nist.gov (Primary)
References for CVE-2023-34367
-
https://portswigger.net/daily-swig/blind-tcp-ip-hijacking-is-resurrected-for-windows-7
Blind TCP/IP hijacking is resurrected for Windows 7 | The Daily SwigExploit;Technical Description
-
https://pwnies.com/windows-7-blind-tcp-ip-hijacking/
Windows 7 blind TCP/IP Hijacking – PwniesThird Party Advisory
-
http://blog.pi3.com.pl/?p=850
Windows 7 TCP/IP hijacking : pi3 blogExploit;Technical Description;Third Party Advisory
Jump to