CVE-2023-35331 : Windows Local Security Authority (LSA) Denial of Service Vulnerability

Windows Local Security Authority (LSA) Denial of Service Vulnerability

Published 2023-07-11 18:15:18

Updated 2023-07-14 21:40:16

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2023-35331

Microsoft » Windows Server 2012 » Version: N/A
cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2012 » Version: R2
cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2016 » Version: N/A
cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2019 » Version: N/A
cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2022 » Version: N/A
cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*
Matching versions

EPSS FAQ

0.15%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 36 %

Percentile, the proportion of vulnerabilities that are scored at or less

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
6.5	MEDIUM	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	2.8	3.6	Microsoft Corporation
Attack Vector: Adjacent Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35331

CVE-2023-35331 - Security Update Guide - Microsoft - Windows Local Security Authority (LSA) Denial of Service Vulnerability
Patch;Vendor Advisory

Jump to