@RISK: The Consensus Security Vulnerability Alert: Vol. 23, Num. 07

@RISK: The Consensus Security Vulnerability Alert
February 16, 2023 – Vol. 23, Num. 07

CONTENTS:
=========================================================
INTERNET STORM CENTER SPOTLIGHT
OTHER INTERNET STORM CENTER ENTRIES
RECENT CVEs
=========================================================

INTERNET STORM CENTER SPOTLIGHT
ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers. https://isc.sans.edu/about.html

Microsoft February 2023 Patch Tuesday
Published: 2023-02-14
Last Updated: 2023-02-15 01:19:13 UTC
by Johannes Ullrich (Version: 1)

Microsoft today patched 80 different vulnerabilities. This includes the Chromium vulnerabilities affecting Microsoft Edge. Nine vulnerabilities are rated as “Critical” by Microsoft.

Three of the vulnerabilities, all rated “important”, are already being exploited:

CVE-2023-21715: Microsoft Publisher Security Feature Bypass. This vulnerability will allow the execution of macros bypassing policies blocking them.

CVE-2023-23376: Windows Common Log File Ssytem Driver Elevation of Privilege Vulnerability

CVE-2023-21823: Windows Graphics Component Remote Code Execution Vulnerability. Patches for this vulnerability may only be available via the Microsoft Store. Make sure you have these updates enabled.

Some additional vulnerabilities of interest:

CVE-2023-21803: Windows iSCSI Discovery Service Remote Code Execution Vulnerability. Likely not the most common issue to be patched this month, but something that may easily be missed. This vulnerability, if exploited, could be used for lateral movement.

CVE-2023-21716 – Microsoft Word Remote Code Execution VulnerabilityCVSS Score: 9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-21716
ISC Diary: https://isc.sans.edu/diary/29548
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21716

CVE-2023-21803 – Windows iSCSI Discovery Service Remote Code Execution VulnerabilityCVSS Score: 9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-21803
ISC Diary: https://isc.sans.edu/diary/29548
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21803

CVE-2023-21692 – Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution VulnerabilitiesCVSS Score: 9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
NVD:
– https://nvd.nist.gov/vuln/detail/CVE-2023-21689
– https://nvd.nist.gov/vuln/detail/CVE-2023-21690
– https://nvd.nist.gov/vuln/detail/CVE-2023-21692
ISC Diary: https://isc.sans.edu/diary/29548
MSFT Details:
– https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21689
– https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21690
– https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21692

CVE-2022-31249 – A Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) vulnerability in wrangler of SUSE Rancher allows remote attackers to inject commands in the underlying host via crafted commands passed to Wrangler. This issue affects: SUSE Rancher wrangler version 0.7.3 and prior versions; wrangler version 0.8.4 and prior versions; wrangler version 1.0.0 and prior versions.CVSS Score: 9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-31249
NVD References: https://bugzilla.suse.com/show_bug.cgi?id=1200299

CVE-2022-43757 – A Cleartext Storage of Sensitive Information vulnerability in SUSE Rancher allows users on managed clusters to gain access to credentials. The impact depends on the credentials exposed This issue affects: SUSE Rancher Rancher versions prior to 2.5.17; Rancher versions prior to 2.6.10; Rancher versions prior to 2.7.1.CVSS Score: 9.9
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-43757
NVD References: https://bugzilla.suse.com/show_bug.cgi?id=1205295

CVE-2022-24990 – TerraMaster NAS 4.2.29 and earlier allows remote attackers to discover the administrative password by sending “User-Agent: TNAS” to module/api.php?mobile/webNasIPS and then reading the PWD field in the response.CVSS Score: 0
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
** KEV since 2023-02-10 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-24990
NVD References:
– https://forum.terra-master.com/en/viewforum.php?f=28
– https://github.com/0xf4n9x/CVE-2022-24990
– https://octagon.net/blog/2022/03/07/cve-2022-24990-terrmaster-tos-unauthenticated-remote-command-execution-via-php-object-instantiation/
– https://www.broadcom.com/support/security-center/attacksignatures/detail?asid=33732

CVE-2023-24813 – Dompdf is an HTML to PDF converter written in php. Due to the difference in the attribute parser of Dompdf and php-svg-lib, an attacker can still call arbitrary URLs with arbitrary protocols. Dompdf parses the href attribute of `image` tags and respects `xlink:href` even if `href` is specified. However, php-svg-lib, which is later used to parse the svg file, parses the href attribute. Since `href` is respected if both `xlink:href` and `href` is specified, it’s possible to bypass the protection on the Dompdf side by providing an empty `xlink:href` attribute. An attacker can exploit the vulnerability to call arbitrary URLs with arbitrary protocols if they provide an SVG file to the Dompdf. In PHP versions before 8.0.0, it leads to arbitrary unserialize, which will lead, at the very least, to arbitrary file deletion and might lead to remote code execution, depending on available classes. This vulnerability has been addressed in commit `95009ea98` which has been included in release version 2.0.3. Users are advised to upgrade. There are no known workarounds for this vulnerability.CVSS Score: 10.0
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-24813
NVD References:
– https://github.com/dompdf/dompdf/commit/95009ea98230f9b084b040c34e3869ef3dccc9aa
– https://github.com/dompdf/dompdf/security/advisories/GHSA-56gj-mvh6-rp75

CVE-2022-43761 – Missing authentication when creating and managing the B&R APROL database in versions < R 4.2-07 allows reading and changing the system configuration.CVE-2022-43764 – Insufficient validation of input parameters when changing configuration on Tbase server in B&R APROL versions < R 4.2-07 could result in buffer overflow. This may lead to Denial-of-Service conditions or execution of arbitrary code.CVSS Score: 9.4 – 9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L and 3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
NVD:
– https://nvd.nist.gov/vuln/detail/CVE-2022-43761
– https://nvd.nist.gov/vuln/detail/CVE-2022-43764
NVD References:https://www.br-automation.com/downloads_br_productcatalogue/assets/1674823095245-en-original-1.0.pdf

CVE-2023-25168 – Wings is Pterodactyl’s server control plane. This vulnerability can be used to delete files and directories recursively on the host system. This vulnerability can be combined with `GHSA-p8r3-83r8-jwj5` to overwrite files on the host system. In order to use this exploit, an attacker must have an existing “server” allocated and controlled by Wings. This vulnerability has been resolved in version `v1.11.4` of Wings, and has been back-ported to the 1.7 release series in `v1.7.4`. Anyone running `v1.11.x` should upgrade to `v1.11.4` and anyone running `v1.7.x` should upgrade to `v1.7.4`. There are no known workarounds for this issue.CVSS Score: 9.6
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-25168
NVD References:
– https://github.com/pterodactyl/wings/commit/429ac62dba22997a278bc709df5ac00a5a25d83d
– https://github.com/pterodactyl/wings/security/advisories/GHSA-66p8-j459-rq63
– https://github.com/pterodactyl/wings/security/advisories/GHSA-p8r3-83r8-jwj5

CVE-2023-0776 – Baicells Nova 436Q, Nova 430E, Nova 430I, and Neutrino 430 LTE TDD eNodeB devices with firmware through QRTB 2.12.7 are vulnerable to remote shell code exploitation via HTTP command injections. Commands are executed using pre-login execution and executed with root permissions. The following methods below have been tested and validated by a 3rd party analyst and has been confirmed exploitable special thanks to Rustam Amin for providing the steps to reproduce.CVSS Score: 10.0
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-0776
NVD References: https://baicells.com/Service/Firmware

CVE-2022-25729 – Memory corruption in modem due to improper length check while copying into memoryCVE-2022-33232 – Memory corruption due to buffer copy without checking size of input while running memory sharing tests with large scattered memory.CVE-2022-33279 – Memory corruption due to stack based buffer overflow in WLAN having invalid WNM frame length.CVE-2022-40514 – Memory corruption due to buffer copy without checking the size of input in WLAN Firmware while processing CCKM IE in reassoc response frame.CVSS Score: 9.3 – 9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
NVD:
– https://nvd.nist.gov/vuln/detail/CVE-2022-25729
– https://nvd.nist.gov/vuln/detail/CVE-2022-33232
– https://nvd.nist.gov/vuln/detail/CVE-2022-33279
– https://nvd.nist.gov/vuln/detail/CVE-2022-40514
NVD References: https://www.qualcomm.com/company/product-security/bulletins/february-2023-bulletin

CVE-2023-23551 – Control By Web X-600M devices run Lua scripts and are vulnerable to code injection, which could allow an attacker to remotely execute arbitrary code.CVSS Score: 9.1
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-23551
NVD References: https://www.cisa.gov/uscert/ics/advisories/icsa-23-040-01

CVE-2023-24482 – A vulnerability has been identified in COMOS V10.2 (All versions), COMOS V10.3.3.1 (All versions < V10.3.3.1.45), COMOS V10.3.3.2 (All versions < V10.3.3.2.33), COMOS V10.3.3.3 (All versions < V10.3.3.3.9), COMOS V10.3.3.4 (All versions < V10.3.3.4.6), COMOS V10.4.0.0 (All versions < V10.4.0.0.31), COMOS V10.4.1.0 (All versions < V10.4.1.0.32), COMOS V10.4.2.0 (All versions < V10.4.2.0.25). Cache validation service in COMOS is vulnerable to Structured Exception Handler (SEH) based buffer overflow. This could allow an attacker to execute arbitrary code on the target system or cause denial of service condition.CVSS Score: 10.0
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-24482
NVD References: https://cert-portal.siemens.com/productcert/pdf/ssa-693110.pdf

CVE-2023-21528 – Microsoft SQL Server Remote Code Execution VulnerabilityCVSS Score: 7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-21528
ISC Diary: https://isc.sans.edu/diary/29548
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21528

CVE-2023-21529 – Microsoft Exchange Server Remote Code Execution VulnerabilityCVSS Score: 8.8
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-21529
ISC Diary: https://isc.sans.edu/diary/29548
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21529

CVE-2023-21564 – Azure DevOps Server Cross-Site Scripting VulnerabilityCVSS Score: 7.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-21564
ISC Diary: https://isc.sans.edu/diary/29548
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21564

CVE-2023-21568 – Microsoft SQL Server Integration Service (VS extension) Remote Code Execution VulnerabilityCVSS Score: 7.3
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-21568
ISC Diary: https://isc.sans.edu/diary/29548
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21568

CVE-2023-21684 – Microsoft PostScript Printer Driver Remote Code Execution VulnerabilityCVSS Score: 8.8
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-21684
ISC Diary: https://isc.sans.edu/diary/29548
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21684

CVE-2023-21685 – Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution VulnerabilityCVSS Score: 8.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-21685
ISC Diary: https://isc.sans.edu/diary/29548
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21685

CVE-2023-21686 – Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution VulnerabilityCVSS Score: 8.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-21686
ISC Diary: https://isc.sans.edu/diary/29548
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21686

CVE-2023-21688 – NT OS Kernel Elevation of Privilege VulnerabilityCVSS Score: 7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-21688
ISC Diary: https://isc.sans.edu/diary/29548
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21688

CVE-2023-21691 – Microsoft Protected Extensible Authentication Protocol (PEAP) Information Disclosure VulnerabilityCVSS Score: 7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-21691
ISC Diary: https://isc.sans.edu/diary/29548
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21691

CVE-2023-21695 – Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution VulnerabilityCVSS Score: 7.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-21695
ISC Diary: https://isc.sans.edu/diary/29548
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21695

CVE-2023-21701 – Microsoft Protected Extensible Authentication Protocol (PEAP) Denial of Service VulnerabilityCVSS Score: 7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-21701
ISC Diary: https://isc.sans.edu/diary/29548
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21701

CVE-2023-21700 – Windows iSCSI Discovery Service Denial of Service VulnerabilityCVSS Score: 7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-21700
ISC Diary: https://isc.sans.edu/diary/29548
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21700

CVE-2023-21702 – Windows iSCSI Service Denial of Service VulnerabilityCVSS Score: 7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-21702
ISC Diary: https://isc.sans.edu/diary/29548
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21702

CVE-2023-21704 – Microsoft ODBC Driver for SQL Server Remote Code Execution VulnerabilityCVSS Score: 7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-21704
ISC Diary: https://isc.sans.edu/diary/29548
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21704

CVE-2023-21705 and CVE-2023-21713 – Microsoft SQL Server Remote Code Execution VulnerabilitiesCVSS Score: 8.8
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
NVD:
– https://nvd.nist.gov/vuln/detail/CVE-2023-21705
– https://nvd.nist.gov/vuln/detail/CVE-2023-21713
ISC Diary: https://isc.sans.edu/diary/29548
MSFT Details:
– https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21705
– https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21713

CVE-2023-21710 – Microsoft Exchange Server Remote Code Execution VulnerabilitiesCVSS Scores: 7.2 – 8.8
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
NVD:
– https://nvd.nist.gov/vuln/detail/CVE-2023-21706
– https://nvd.nist.gov/vuln/detail/CVE-2023-21707
– https://nvd.nist.gov/vuln/detail/CVE-2023-21710
ISC Diary: https://isc.sans.edu/diary/29548
MSFT Details:
– https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21706
– https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21707
– https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21710

CVE-2023-21717 – Microsoft SharePoint Server Elevation of Privilege VulnerabilityCVSS Score: 8.8
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-21717
ISC Diary: https://isc.sans.edu/diary/29548
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21717

CVE-2023-21718 – Microsoft SQL ODBC Driver Remote Code Execution VulnerabilityCVSS Score: 7.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-21718
ISC Diary: https://isc.sans.edu/diary/29548
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21718

CVE-2023-21777 – Azure App Service on Azure Stack Hub Elevation of Privilege VulnerabilityCVSS Score: 8.7
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L/E:U/RL:O/RC:C
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-21777
ISC Diary: https://isc.sans.edu/diary/29548
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21777

CVE-2023-21797 and CVE-2023-21798 – Microsoft ODBC Driver Remote Code Execution VulnerabilitiesCVSS Score: 8.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
NVD:
– https://nvd.nist.gov/vuln/detail/CVE-2023-21797
– https://nvd.nist.gov/vuln/detail/CVE-2023-21798
ISC Diary: https://isc.sans.edu/diary/29548
MSFT Details:
– https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21797
– https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21798

CVE-2023-21799 – Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution VulnerabilityCVSS Score: 8.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-21799
ISC Diary: https://isc.sans.edu/diary/29548
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21799

CVE-2023-21800 – Windows Installer Elevation of Privilege VulnerabilityCVSS Score: 7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-21800
ISC Diary: https://isc.sans.edu/diary/29548
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21800

CVE-2023-21801 – Microsoft PostScript Printer Driver Remote Code Execution VulnerabilityCVSS Score: 7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-21801
ISC Diary: https://isc.sans.edu/diary/29548
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21801

CVE-2023-21802 – Windows Media Remote Code Execution VulnerabilityCVSS Score: 7.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-21802
ISC Diary: https://isc.sans.edu/diary/29548
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21802

CVE-2023-21804 – Windows Graphics Component Elevation of Privilege VulnerabilityCVSS Score: 7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-21804
ISC Diary: https://isc.sans.edu/diary/29548
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21804

CVE-2023-21805 – Windows MSHTML Platform Remote Code Execution VulnerabilityCVSS Score: 7.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-21805
ISC Diary: https://isc.sans.edu/diary/29548
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21805

CVE-2023-21806 – Power BI Report Server Spoofing VulnerabilityCVSS Score: 8.2
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L/E:U/RL:O/RC:C
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-21806
ISC Diary: https://isc.sans.edu/diary/29548
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21806

CVE-2023-21809 – Microsoft Defender for Endpoint Security Feature Bypass VulnerabilityCVSS Score: 7.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-21809
ISC Diary: https://isc.sans.edu/diary/29548
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21809

CVE-2023-21811 – Windows iSCSI Service Denial of Service VulnerabilityCVSS Score: 7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-21811
ISC Diary: https://isc.sans.edu/diary/29548
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21811

CVE-2023-21812 – Windows Common Log File System Driver Elevation of Privilege VulnerabilityCVSS Score: 7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-21812
ISC Diary: https://isc.sans.edu/diary/29548
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21812

CVE-2023-21813 – Windows Secure Channel Denial of Service VulnerabilityCVSS Score: 7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-21813
ISC Diary: https://isc.sans.edu/diary/29548
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21813

CVE-2023-21816 – Windows Active Directory Domain Services API Denial of Service VulnerabilityCVSS Score: 7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-21816
ISC Diary: https://isc.sans.edu/diary/29548
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21816

CVE-2023-21817 – Windows Kerberos Elevation of Privilege VulnerabilityCVSS Score: 7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-21817
ISC Diary: https://isc.sans.edu/diary/29548
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21817

CVE-2023-21818 and CVE-2023-21819 – Windows Secure Channel Denial of Service VulnerabilitiesCVSS Score: 7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
NVD:
– https://nvd.nist.gov/vuln/detail/CVE-2023-21818
– https://nvd.nist.gov/vuln/detail/CVE-2023-21819
ISC Diary: https://isc.sans.edu/diary/29548
MSFT Details:
– https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21818
– https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21819

CVE-2023-21820 – Windows Distributed File System (DFS) Remote Code Execution VulnerabilityCVSS Score: 7.4
CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-21820
ISC Diary: https://isc.sans.edu/diary/29548
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21820

CVE-2023-21822 – Windows Graphics Component Elevation of Privilege VulnerabilityCVSS Score: 7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-21822
ISC Diary: https://isc.sans.edu/diary/29548
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21822

CVE-2023-23374 – Microsoft Edge (Chromium-based) Remote Code Execution VulnerabilityCVSS Score: 8.3
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-23374
ISC Diary: https://isc.sans.edu/diary/29548
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23374

CVE-2023-23377 – 3D Builder Remote Code Execution VulnerabilityCVSS Score: 7.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-23377
ISC Diary: https://isc.sans.edu/diary/29548
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23377

CVE-2023-23378 – Print 3D Remote Code Execution VulnerabilityCVSS Score: 7.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-23378
ISC Diary: https://isc.sans.edu/diary/29548
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23378

CVE-2023-23390 – 3D Builder Remote Code Execution VulnerabilityCVSS Score: 7.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-23390
ISC Diary: https://isc.sans.edu/diary/29548
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23390

CVE-2023-21553 – Azure DevOps Server Remote Code Execution VulnerabilityCVSS Score: 7.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-21553
ISC Diary: https://isc.sans.edu/diary/29548
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21553

CVE-2023-21566 – Visual Studio Elevation of Privilege VulnerabilityCVSS Score: 7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-21566
ISC Diary: https://isc.sans.edu/diary/29548
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21566

CVE-2023-21778 – Microsoft Dynamics Unified Service Desk Remote Code Execution VulnerabilityCVSS Score: 8.3
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-21778
ISC Diary: https://isc.sans.edu/diary/29548
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21778

CVE-2023-21808 – .NET and Visual Studio Remote Code Execution VulnerabilityCVSS Score: 8.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-21808
ISC Diary: https://isc.sans.edu/diary/29548
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21808

CVE-2023-21815 and CVE-2023-23381 – Visual Studio Remote Code Execution VulnerabilitiesCVSS Score: 8.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
NVD:
– https://nvd.nist.gov/vuln/detail/CVE-2023-21815
– https://nvd.nist.gov/vuln/detail/CVE-2023-23381
ISC Diary: https://isc.sans.edu/diary/29548
MSFT Details:
– https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21815
– https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23381

CVE-2019-15126 – Specifically timed and handcrafted traffic can cause internal errors (related to state transitions) in a WLAN deviceCVSS Score: 0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2019-15126
ISC Diary: https://isc.sans.edu/diary/29548
MSFT Details: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2019-15126