cve-2023-29360
Vulnerability from cvelistv5
Published
2023-06-13 23:26
Modified
2024-08-02 14:07
Severity
8.4 (High) - cvssV3_1 - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Summary
Microsoft Streaming Service Elevation of Privilege Vulnerability
References
SourceURLTags
secure@microsoft.comhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29360Patch, Vendor Advisory
Impacted products
VendorProduct
MicrosoftWindows 10 Version 1809
MicrosoftWindows Server 2019
MicrosoftWindows Server 2019 (Server Core installation)
MicrosoftWindows Server 2022
MicrosoftWindows 11 version 21H2
MicrosoftWindows 10 Version 21H2
MicrosoftWindows 11 version 22H2
MicrosoftWindows 10 Version 22H2
MicrosoftWindows 10 Version 1607
MicrosoftWindows Server 2016
MicrosoftWindows Server 2016 (Server Core installation)
CISA Known exploited vulnerability
Data from the Known Exploited Vulnerabilities Catalog

Date added: 2024-02-29

Due date: 2024-03-21

Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Used in ransomware: Unknown

Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29360

Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-29360",
                "options": [
                  {
                    "Exploitation": "Active"
                  },
                  {
                    "Automatable": "No"
                  },
                  {
                    "Technical Impact": "Total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-03-01T05:00:47.855853Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2024-02-29",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-29360"
              },
              "type": "kev"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:27:28.405Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T14:07:45.733Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Windows TPM Device Driver Elevation of Privilege Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29360"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.4499:*:*:*:*:*:x86:*",
            "cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.4499:*:*:*:*:*:x64:*",
            "cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.4499:*:*:*:*:*:arm64:*"
          ],
          "platforms": [
            "32-bit Systems",
            "x64-based Systems",
            "ARM64-based Systems"
          ],
          "product": "Windows 10 Version 1809",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.17763.4499",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.4499:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2019",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.17763.4499",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.4499:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2019 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.17763.4499",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1787:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2022",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.20348.1787",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            },
            {
              "lessThan": "10.0.20348.1784",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_11_21H2:10.0.22000.2057:*:*:*:*:*:x64:*",
            "cpe:2.3:o:microsoft:windows_11_21H2:10.0.22000.2057:*:*:*:*:*:arm64:*"
          ],
          "platforms": [
            "x64-based Systems",
            "ARM64-based Systems"
          ],
          "product": "Windows 11 version 21H2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.22000.2057",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_10_21H2:10.0.19044.3086:*:*:*:*:*:x86:*",
            "cpe:2.3:o:microsoft:windows_10_21H2:10.0.19044.3086:*:*:*:*:*:arm64:*",
            "cpe:2.3:o:microsoft:windows_10_21H2:10.0.19044.3086:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "32-bit Systems",
            "ARM64-based Systems"
          ],
          "product": "Windows 10 Version 21H2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.19044.3086",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_11_22H2:10.0.22621.1848:*:*:*:*:*:arm64:*",
            "cpe:2.3:o:microsoft:windows_11_22H2:10.0.22621.1848:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "ARM64-based Systems",
            "x64-based Systems"
          ],
          "product": "Windows 11 version 22H2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.22621.1848",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_10_22H2:10.0.19045.3086:*:*:*:*:*:x64:*",
            "cpe:2.3:o:microsoft:windows_10_22H2:10.0.19045.3086:*:*:*:*:*:arm64:*",
            "cpe:2.3:o:microsoft:windows_10_22H2:10.0.19045.3086:*:*:*:*:*:x86:*"
          ],
          "platforms": [
            "x64-based Systems",
            "ARM64-based Systems",
            "32-bit Systems"
          ],
          "product": "Windows 10 Version 22H2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.19045.3086",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.5989:*:*:*:*:*:x86:*",
            "cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.5989:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Windows 10 Version 1607",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.14393.5989",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.5989:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2016",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.14393.5989",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.5989:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2016 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.14393.5989",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2023-06-13T07:00:00+00:00",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Microsoft Streaming Service Elevation of Privilege Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-822",
              "description": "CWE-822: Untrusted Pointer Dereference",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-19T20:22:04.837Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Windows TPM Device Driver Elevation of Privilege Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29360"
        }
      ],
      "title": "Microsoft Streaming Service Elevation of Privilege Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2023-29360",
    "datePublished": "2023-06-13T23:26:04.551Z",
    "dateReserved": "2023-04-04T22:34:18.384Z",
    "dateUpdated": "2024-08-02T14:07:45.733Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "cisa_known_exploited": {
      "cveID": "CVE-2023-29360",
      "dateAdded": "2024-02-29",
      "dueDate": "2024-03-21",
      "knownRansomwareCampaignUse": "Unknown",
      "notes": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29360",
      "product": "Streaming Service",
      "requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
      "shortDescription": "Microsoft Streaming Service contains an untrusted pointer dereference vulnerability that allows for privilege escalation, enabling a local attacker to gain SYSTEM privileges.",
      "vendorProject": "Microsoft",
      "vulnerabilityName": "Microsoft Streaming Service Untrusted Pointer Dereference Vulnerability"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-29360\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2023-06-14T00:15:10.067\",\"lastModified\":\"2024-06-10T15:29:38.673\",\"vulnStatus\":\"Analyzed\",\"cisaExploitAdd\":\"2024-02-29\",\"cisaActionDue\":\"2024-03-21\",\"cisaRequiredAction\":\"Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.\",\"cisaVulnerabilityName\":\"Microsoft Streaming Service Untrusted Pointer Dereference Vulnerability\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"Microsoft Streaming Service Elevation of Privilege Vulnerability\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"secure@microsoft.com\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\",\"baseScore\":8.4,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":2.5,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]},{\"source\":\"secure@microsoft.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-822\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*\",\"versionEndExcluding\":\"10.0.14393.5989\",\"matchCriteriaId\":\"CB89DC1F-2A03-4235-B6FD-EF80FF8B3C1B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*\",\"versionEndExcluding\":\"10.0.14393.5989\",\"matchCriteriaId\":\"E5B21E84-205B-4407-90AF-4775E5D2E882\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.0.17763.4499\",\"matchCriteriaId\":\"92D1F996-A2DF-4163-B49B-F1A340D7E207\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.0.19044.3086\",\"matchCriteriaId\":\"DE69891C-7531-4FC0-9A68-D49E9ADB782E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.0.19045.3086\",\"matchCriteriaId\":\"F9CF581A-4B1C-4278-A9DD-1E8D8708C91D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.0.22000.2057\",\"matchCriteriaId\":\"15BA332E-5AD9-4586-9322-56658420EC3C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.0.22621.1848\",\"matchCriteriaId\":\"97E9384D-0189-4153-ACE5-E6A698DB6609\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.0.14393.5989\",\"matchCriteriaId\":\"3EB89BF2-200D-41E0-8336-FF6417B49180\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.0.17763.4499\",\"matchCriteriaId\":\"BABFDA5F-B3B7-4444-8C02-57341378971C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.0.20348.1784\",\"matchCriteriaId\":\"147B80EA-07E9-4933-BF06-C3328D7FCFC2\"}]}]}],\"references\":[{\"url\":\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29360\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.