CVE-2023-24858
Published: 14 March 2023
Summary
CVE-2023-24858 is a high-severity Buffer Over-read (CWE-126) vulnerability in the Microsoft PostScript and PCL6 Class Printer Driver, listed here against Microsoft Windows Server 2012. Its CVSS base score is 7.5 (High).
Operationally, its EPSS score places it in the top 5.8% of CVEs by predicted exploit likelihood; it is not currently listed in the CISA KEV catalog.
Deeper analysis
CVE-2023-24858 is an information disclosure flaw in the Microsoft PostScript and PCL6 Class Printer Driver, scored CVSS 7.5 with the vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N and classified as CWE-126 (Buffer Over-read): the driver reads past the end of a buffer while processing print data, and the bytes it reads can be returned to the caller.
Per the vector, a remote attacker can trigger the over-read over the network without authentication or user interaction; the impact is confined to confidentiality (C:H), with no integrity or availability effect, so the realistic outcome is leakage of driver or process memory rather than code execution.
Microsoft has published an advisory for the vulnerability at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24858 that covers mitigation steps and available updates.
The EPSS score has a current and peak value of 0.1298 with no rise after disclosure, and the source data contains no details of real-world exploitation.
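The advisory above is the authoritative fix; what an operator usually wants first is an inventory of which hosts actually carry the affected class drivers and whether the Print Spooler is exposing them. The following PowerShell script is an added example, not code from the page or from Microsoft. The driver-name pattern is an assumption about the in-box driver names (Get-PrinterDriver reports them as "Microsoft PS Class Driver" / "Microsoft PCL6 Class Driver" on current Windows builds); no KB number is assumed because the page gives none.

```powershell
# Added example (not from the page or from Microsoft): report whether this host
# has the Microsoft PostScript / PCL6 class printer drivers installed, which
# printers use them, and the Print Spooler state. Requires the PrintManagement
# module (Windows 8 / Server 2012 and later); run elevated.

# ASSUMPTION: in-box class driver names contain "PS", "PostScript" or "PCL6"
# followed by "Class Driver". Adjust if your builds name them differently.
$DriverPattern = 'Microsoft .*(PS|PostScript|PCL6) Class Driver'

function Get-ClassPrinterDriverExposure {
    [CmdletBinding()]
    param(
        [string]$Pattern = $DriverPattern
    )

    $spooler = Get-Service -Name Spooler -ErrorAction SilentlyContinue
    $result = [ordered]@{
        ComputerName      = $env:COMPUTERNAME
        SpoolerStatus     = if ($spooler) { $spooler.Status.ToString() }    else { 'NotFound' }
        SpoolerStartType  = if ($spooler) { $spooler.StartType.ToString() } else { 'NotFound' }
        MatchingDrivers   = @()
        PrintersUsingThem = @()
        RecentHotfixes    = @()
    }

    # Get-PrinterDriver needs a running spooler to answer. A stopped spooler
    # means "not reachable right now, but could not enumerate drivers".
    if ($spooler -and $spooler.Status -eq 'Running') {
        $drivers = @(Get-PrinterDriver -ErrorAction SilentlyContinue |
            Where-Object { $_.Name -match $Pattern })
        $result.MatchingDrivers = @($drivers | ForEach-Object { $_.Name })

        if ($drivers.Count -gt 0) {
            $names = $result.MatchingDrivers
            # Shared printers bound to an affected driver are the network-reachable surface.
            $result.PrintersUsingThem = @(Get-Printer -ErrorAction SilentlyContinue |
                Where-Object { $names -contains $_.DriverName } |
                ForEach-Object {
                    $tag = if ($_.Shared) { ' (shared)' } else { ''' }
                    "$($_.Name) [$($_.DriverName)]$tag"
                })
        }
    }

    # The page does not name the fixing KB, so list recent updates for the
    # operator to compare against the MSRC advisory instead of guessing one.
    $result.RecentHotfixes = @(Get-HotFix -ErrorAction SilentlyContinue |
        Sort-Object InstalledOn -Descending |
        Select-Object -First 5 |
        ForEach-Object { "$($_.HotFixID) $($_.InstalledOn)" })

    [pscustomobject]$result
}

Get-ClassPrinterDriverExposure | Format-List
```

For fleet-wide use, wrap the call in `Invoke-Command -ComputerName $hosts -ScriptBlock ${function:Get-ClassPrinterDriverExposure}` and sort the output by `PrintersUsingThem`: hosts with shared printers on a matching driver and no recent update are the ones to patch first, given the AV:N vector.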
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-28848
Vulnerability details
Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability
- CWE(s): CWE-126 (Buffer Over-read)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
- Microsoft Windows Server 2012 (the platform listed in the summary; see the Microsoft advisory above for other affected products)
Mitigating Controls
- No controls mapped yet. Apply the update referenced in the Microsoft advisory above; because the CVSS vector rates the flaw network-reachable without authentication, limiting exposure of print services to untrusted networks is the interim measure until the update is installed.