CVE-2023-41765

Опубликовано: 10 окт. 2023

Источник: msrc

CVSS3: 8.1

EPSS Низкий

Описание

Layer 2 Tunneling Protocol Remote Code Execution Vulnerability

Меры по смягчению последствий

The following mitigation might be helpful in your situation:

This vulnerability is only exploitable on Windows Servers that have installed and configured the Routing and Remote Access Service (RRAS) role with L2TP support, which is not installed and configured by default.

Please see Routing and Remote Access Server (RRAS) | Microsoft Learn for more information. You might also benefit by reading more about Roles here: Roles, Role Services, and Features included in Windows Server - Server Core | Microsoft Learn.

FAQ

According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

Successful exploitation of this vulnerability requires an attacker to win a race condition.

How could an attacker exploit this vulnerability?

An unauthenticated attacker could send a specially crafted protocol message to a Routing and Remote Access Service (RRAS) server, which could lead to remote code execution (RCE) on the RAS server machine.

Обновления

Продукт	Статья	Обновление
Windows Server 2008 for 32-bit Systems Service Pack 2	5031416 5031411	Monthly Rollup Security Only
Windows Server 2008 for x64-based Systems Service Pack 2	5031416 5031411	Monthly Rollup Security Only
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)	5031416 5031411	Monthly Rollup Security Only
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)	5031408 5031441	Monthly Rollup Security Only
Windows Server 2008 R2 for x64-based Systems Service Pack 1	5031408 5031441	Monthly Rollup Security Only
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)	5031416 5031411	Monthly Rollup Security Only
Windows Server 2012	5031442 5031427	Monthly Rollup Security Only
Windows Server 2012 (Server Core installation)	5031442 5031427	Monthly Rollup Security Only
Windows Server 2012 R2	5031419 5031407	Monthly Rollup Security Only
Windows Server 2012 R2 (Server Core installation)	5031419 5031407	Monthly Rollup Security Only

Показывать по

Возможность эксплуатации

Publicly Disclosed

Exploited

Latest Software Release

Exploitation Less Likely

DOS

N/A

EPSS

Процентиль: 45%

0.00218

Низкий

8.1 High

CVSS3

Связанные уязвимости

CVE-2023-41765

CVSS3: 8.1

nvd

почти 2 года назад

Layer 2 Tunneling Protocol Remote Code Execution Vulnerability

GHSA-fr45-3pq8-cqp4

CVSS3: 8.1

github

почти 2 года назад

Layer 2 Tunneling Protocol Remote Code Execution Vulnerability

BDU:2023-06668

CVSS3: 8.1

fstec

почти 2 года назад

Уязвимость реализации протокола Layer 2 Tunneling Protocol (L2TP) операционных систем Windows, позволяющая нарушителю выполнить произвольный код

EPSS

Процентиль: 45%

0.00218

Низкий

8.1 High

CVSS3