cve-2023-28283
Vulnerability from cvelistv5
Published
2023-05-09 17:02
Modified
2024-08-02 12:38
Severity
8.1 (High) - cvssV3_1 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Summary
Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
References
SourceURLTags
secure@microsoft.comhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28283Patch, Vendor Advisory
Impacted products
VendorProduct
MicrosoftWindows 10 Version 1809
MicrosoftWindows Server 2019
MicrosoftWindows Server 2019 (Server Core installation)
MicrosoftWindows Server 2022
MicrosoftWindows 10 Version 20H2
MicrosoftWindows 11 version 21H2
MicrosoftWindows 10 Version 21H2
MicrosoftWindows 11 version 22H2
MicrosoftWindows 10 Version 22H2
MicrosoftWindows 10 Version 1507
MicrosoftWindows 10 Version 1607
MicrosoftWindows Server 2016
MicrosoftWindows Server 2016 (Server Core installation)
MicrosoftWindows Server 2008 Service Pack 2
MicrosoftWindows Server 2008 Service Pack 2 (Server Core installation)
MicrosoftWindows Server 2008 Service Pack 2
MicrosoftWindows Server 2008 R2 Service Pack 1
MicrosoftWindows Server 2008 R2 Service Pack 1 (Server Core installation)
MicrosoftWindows Server 2012
MicrosoftWindows Server 2012 (Server Core installation)
MicrosoftWindows Server 2012 R2
MicrosoftWindows Server 2012 R2 (Server Core installation)
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T12:38:23.928Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28283"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.4377:*:*:*:*:*:x86:*",
            "cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.4377:*:*:*:*:*:x64:*",
            "cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.4377:*:*:*:*:*:arm64:*"
          ],
          "platforms": [
            "32-bit Systems",
            "x64-based Systems",
            "ARM64-based Systems"
          ],
          "product": "Windows 10 Version 1809",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.17763.4377",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.4377:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2019",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.17763.4377",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.4377:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2019 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.17763.4377",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1726:*:*:*:*:*:*:*",
            "cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1724:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2022",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.20348.1726",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            },
            {
              "lessThan": "10.0.20348.1724",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_10_20H2:10.0.19042.2965:*:*:*:*:*:x86:*",
            "cpe:2.3:o:microsoft:windows_10_20H2:10.0.19042.2965:*:*:*:*:*:arm64:*"
          ],
          "platforms": [
            "32-bit Systems",
            "ARM64-based Systems"
          ],
          "product": "Windows 10 Version 20H2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.19042.2965",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_11_21H2:10.0.22000.1936:*:*:*:*:*:x64:*",
            "cpe:2.3:o:microsoft:windows_11_21H2:10.0.22000.1936:*:*:*:*:*:arm64:*"
          ],
          "platforms": [
            "x64-based Systems",
            "ARM64-based Systems"
          ],
          "product": "Windows 11 version 21H2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.22000.1936",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_10_21H2:10.0.19044.2965:*:*:*:*:*:x86:*",
            "cpe:2.3:o:microsoft:windows_10_21H2:10.0.19044.2965:*:*:*:*:*:arm64:*",
            "cpe:2.3:o:microsoft:windows_10_21H2:10.0.19044.2965:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "32-bit Systems",
            "ARM64-based Systems"
          ],
          "product": "Windows 10 Version 21H2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.19044.2965",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_11_22H2:10.0.22621.1702:*:*:*:*:*:arm64:*",
            "cpe:2.3:o:microsoft:windows_11_22H2:10.0.22621.1702:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "ARM64-based Systems",
            "x64-based Systems"
          ],
          "product": "Windows 11 version 22H2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.22621.1702",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_10_22H2:10.0.19045.2965:*:*:*:*:*:x64:*",
            "cpe:2.3:o:microsoft:windows_10_22H2:10.0.19045.2965:*:*:*:*:*:arm64:*",
            "cpe:2.3:o:microsoft:windows_10_22H2:10.0.19045.2965:*:*:*:*:*:x86:*"
          ],
          "platforms": [
            "x64-based Systems",
            "ARM64-based Systems",
            "32-bit Systems"
          ],
          "product": "Windows 10 Version 22H2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.19045.2965",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.19926:*:*:*:*:*:x86:*",
            "cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.19926:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Windows 10 Version 1507",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.10240.19926",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.5921:*:*:*:*:*:x86:*",
            "cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.5921:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Windows 10 Version 1607",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.14393.5921",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.5921:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2016",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.14393.5921",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.5921:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2016 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.14393.5921",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.22070:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "32-bit Systems"
          ],
          "product": "Windows Server 2008 Service Pack 2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.0.6003.22070",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.22070:*:*:*:*:*:x64:*",
            "cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.22070:*:*:*:*:*:x86:*"
          ],
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Windows Server 2008 Service Pack 2 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.0.6003.22070",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.22070:*:*:*:*:*:x86:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2008  Service Pack 2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.0.6003.22070",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_server_2008_R2:6.1.7601.26519:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2008 R2 Service Pack 1",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.1.7601.26519",
              "status": "affected",
              "version": "6.1.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_server_2008_R2:6.1.7601.26519:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2008 R2 Service Pack 1 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.1.7601.26519",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_server_2012:6.2.9200.24266:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2012",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.2.9200.24266",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_server_2012:6.2.9200.24266:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2012 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.2.9200.24266",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_server_2012_R2:6.3.9600.20969:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2012 R2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.3.9600.20969",
              "status": "affected",
              "version": "6.3.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_server_2012_R2:6.3.9600.20969:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2012 R2 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.3.9600.20969",
              "status": "affected",
              "version": "6.3.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2023-05-09T07:00:00+00:00",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-591",
              "description": "CWE-591: Sensitive Data Storage in Improperly Locked Memory",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-29T01:50:38.186Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28283"
        }
      ],
      "title": "Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2023-28283",
    "datePublished": "2023-05-09T17:02:49.863Z",
    "dateReserved": "2023-03-13T22:23:36.184Z",
    "dateUpdated": "2024-08-02T12:38:23.928Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-28283\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2023-05-09T18:15:13.490\",\"lastModified\":\"2024-05-29T02:15:34.657\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"secure@microsoft.com\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\",\"baseScore\":8.1,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":2.2,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]},{\"source\":\"secure@microsoft.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-591\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.0.10240.19926\",\"matchCriteriaId\":\"0855C3A7-36C3-4398-9208-1FC8A02F40D0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.0.14393.5921\",\"matchCriteriaId\":\"BAB00F09-4CCF-4AB6-85CE-07298A21C1D9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.0.17763.4377\",\"matchCriteriaId\":\"DAF1C808-45D2-4C43-81F0-0E3DC697A31A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_10_20h2:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.0.19042.2965\",\"matchCriteriaId\":\"8B7C959F-A277-4B18-B7D8-6CC8A5D01469\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.0.19044.2965\",\"matchCriteriaId\":\"B1DB7F7A-A2CA-462C-A75C-A6739899C14B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.0.19045.2965\",\"matchCriteriaId\":\"A7450AB6-B09E-4C37-82FD-274675C0F8AF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.0.22000.1936\",\"matchCriteriaId\":\"7E42EF0F-F78C-49E8-BC26-09AF1C0730E0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.0.22000.1702\",\"matchCriteriaId\":\"C8267EF4-E3E6-4FA1-8090-965AE770B313\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"5F422A8C-2C4E-42C8-B420-E0728037E15C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"2ACA9287-B475-4AF7-A4DA-A7143CEF9E57\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A7DF96F8-BA6A-4780-9CA3-F719B3F81074\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DB18C4CE-5917-401E-ACF7-2747084FD36E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"821614DD-37DD-44E2-A8A4-FE8D23A33C3C\"}]}]}],\"references\":[{\"url\":\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28283\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.