CVE-2023-24871
Published: 14 March 2023
Summary
CVE-2023-24871 is a high-severity Integer Overflow or Wraparound (CWE-190) vulnerability in Microsoft Windows 10 20H2. Its CVSS base score is 8.8 (High).
Operationally, ranked in the top 2.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
Deeper analysis
CVE-2023-24871 is a remote code execution vulnerability in the Windows Bluetooth Service, carrying a CVSS 3.1 base score of 8.8. The flaw is associated with CWE-190 and permits an attacker to execute arbitrary code on an affected Windows system when the Bluetooth service processes specially crafted input.
An unauthenticated attacker with adjacent-network access can exploit the issue without user interaction to achieve full compromise of confidentiality, integrity, and availability on the target host. The attack vector requires proximity sufficient for Bluetooth communication but imposes no additional privileges or user actions.
Microsoft’s advisory at the referenced MSRC URL addresses mitigation through available security updates that resolve the vulnerability in supported Windows releases. The EPSS score has reached a peak of 0.5961 with a current value of 0.5346, indicating sustained exploitation interest following disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-28861
Vulnerability details
Windows Bluetooth Service Remote Code Execution Vulnerability
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.