CVE-2023-36802

Published Sep 12, 2023

Last updated a month ago

Exploit known CVSS high 7.8

Overview

Description: Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability
Source: secure@microsoft.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Secondary
Base score: 7.8
Impact score: 5.9
Exploitability score: 1.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

Known exploits

Data from CISA

Vulnerability name: Microsoft Streaming Service Proxy Privilege Escalation Vulnerability
Exploit added on: Sep 12, 2023
Exploit action due: Oct 3, 2023
Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Weaknesses

secure@microsoft.com: CWE-416
nvd@nist.gov: CWE-416

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:arm64:*",
            "vulnerable": true,
            "matchCriteriaId": "9F334D4D-228A-4232-ADE1-85538FC40DC8",
            "versionEndExcluding": "10.0.17763.4851"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
            "vulnerable": true,
            "matchCriteriaId": "427F3169-0B3A-42E2-92E5-E3FFC525BBE4",
            "versionEndExcluding": "10.0.17763.4851"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
            "vulnerable": true,
            "matchCriteriaId": "84FE8A09-C6C4-421D-83A3-B1C297C48242",
            "versionEndExcluding": "10.0.17763.4851"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "139662E6-EF56-4398-AEE8-406B8D4F1BC4",
            "versionEndExcluding": "10.0.19044.3448"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "36C0F053-7225-4428-A7D5-7FE2E5036E79",
            "versionEndExcluding": "10.0.19045.3448"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "42BAE974-E011-42BC-BE68-E394DFF2F92D",
            "versionEndExcluding": "10.0.22000.2416"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E1128C36-7004-461A-AF79-A530709E8B45",
            "versionEndExcluding": "10.0.22621.2275"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7AD4B932-AE40-443F-87A6-7D033E9B48D7",
            "versionEndExcluding": "10.0.17763.4851"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F3D34BDA-C7E8-4049-937B-34E436B6D6D4",
            "versionEndExcluding": "10.0.20348.1970"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

Known exploits

Weaknesses

Social media

Configurations

References