CVE-2023-21811
Published: 14 February 2023
Summary
CVE-2023-21811 is a high-severity Buffer Over-read (CWE-126) vulnerability in Microsoft Windows Server 2008. Its CVSS base score is 7.5 (High).
Operationally, it is ranked in the top 4.9% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
Deeper analysis
CVE-2023-21811 is a denial of service vulnerability in the Windows iSCSI Service, assigned a CVSS 3.1 base score of 7.5 with the vector string AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. The associated CWEs are CWE-126 and NVD-CWE-noinfo. It was published on 14 February 2023.
Remote unauthenticated attackers can exploit the flaw over the network with low attack complexity to produce a high impact on availability while leaving confidentiality and integrity unaffected. No user interaction or privileges are required.
Microsoft security advisories at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21811 describe the issue and corresponding updates. The EPSS score remains flat at 0.1705 with no material rise from a lower baseline.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-25977
Vulnerability details
Windows iSCSI Service Denial of Service Vulnerability
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.