Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

msrc логотип

CVE-2023-29351

Опубликовано: 13 июн. 2023
Источник: msrc
CVSS3: 8.1
EPSS Низкий

Описание

Windows Group Policy Elevation of Privilege Vulnerability

FAQ

What privileges could be gained by an attacker who successfully exploited the vulnerability?

An attacker who successfully exploited this vulnerability could gain specific limited SYSTEM privileges.

According to the CVSS metrics, successful exploitation of this vulnerability could lead to no loss of confidentiality (C:N) but have major impact on integrity (I:H) and on availability (A:H). What does that mean for this vulnerability?

This vulnerability does not allow disclosure of any confidential information, but could allow an attacker to delete data that could include data that results in the service being unavailable.

How could an attacker exploit this vulnerability?

This vulnerability could allow a standard domain user to delete arbitrary files and folders with system privileges. This could be achieved when "Folder preference - delete" is configured and the user has write access, allowing them to set a reparse point.

Обновления

ПродуктСтатьяОбновление
Windows Server 2008 for 32-bit Systems Service Pack 2
50272795027277
Monthly RollupSecurity Only
Windows Server 2008 for x64-based Systems Service Pack 2
50272795027277
Monthly RollupSecurity Only
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
50272795027277
Monthly RollupSecurity Only
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
50272755027256
Monthly RollupSecurity Only
Windows Server 2008 R2 for x64-based Systems Service Pack 1
50272755027256
Monthly RollupSecurity Only
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
50272795027277
Monthly RollupSecurity Only
Windows Server 2012
50272835027281
Monthly RollupSecurity Only
Windows Server 2012 (Server Core installation)
50272835027281
Monthly RollupSecurity Only
Windows Server 2012 R2
50272715027282
Monthly RollupSecurity Only
Windows Server 2012 R2 (Server Core installation)
50272715027282
Monthly RollupSecurity Only

Показывать по

Возможность эксплуатации

Publicly Disclosed

No

Exploited

No

Latest Software Release

Exploitation Less Likely

DOS

N/A

EPSS

Процентиль: 86%
0.03175
Низкий

8.1 High

CVSS3

Связанные уязвимости

nvd логотип

CVE-2023-29351

CVSS3: 8.1
nvd
около 2 лет назад

Windows Group Policy Elevation of Privilege Vulnerability

github логотип

GHSA-mcj5-f644-3pqj

CVSS3: 8.1
github
около 2 лет назад

Windows Group Policy Elevation of Privilege Vulnerability

fstec логотип

BDU:2023-03338

CVSS3: 8.1
fstec
около 2 лет назад

Уязвимость службы групповой политики (Group Policy Services) операционных систем Windows, позволяющая нарушителю повысить свои привилегии

EPSS

Процентиль: 86%
0.03175
Низкий

8.1 High

CVSS3