CVE-2023-36723
Published: 10 October 2023
Summary
CVE-2023-36723 is a high-severity Link Following (CWE-59) vulnerability in Microsoft Windows 10 1809. Its CVSS base score is 7.8 (High).
Operationally, it ranks in the top 8.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
Deeper analysis
The Windows Container Manager Service contains an elevation of privilege vulnerability tracked as CVE-2023-36723. The flaw carries a CVSS 3.1 base score of 7.8, reflecting a local attack vector, low attack complexity, and low privileges required. The associated CWEs include CWE-59.
A local attacker with low privileges can exploit the issue without user interaction to fully compromise the confidentiality, integrity, and availability of the affected system, resulting in elevation to higher privileges.
Microsoft has published an advisory for CVE-2023-36723 that directs administrators to the corresponding security update for remediation. The current EPSS score of 0.0751, with a recorded peak of 0.0819, indicates limited observed exploitation interest to date.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-40666
Vulnerability details
Windows Container Manager Service Elevation of Privilege Vulnerability
- CWE(s): CWE-59
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.