CVE-2023-35365

Vulnerability updated 2 months ago (2024-11-29T14:29:28.835Z)

Download STIX

Preview STIX

CVE-2023-35365 is a critical vulnerability identified in the Windows Routing and Remote Access Service (RRAS). This flaw in software design or implementation allows for remote code execution (RCE), which can lead to unauthorized access, data theft, or even control over an affected system. The vulnerability has been given a severity rating of 9.8 out of 10 on the Common Vulnerability Scoring System (CVSS), indicating its high risk and potential impact. This vulnerability was discovered alongside two others, CVE-2023-35366 and CVE-2023-35367, all of which affect the Windows RRAS. Security researchers have highlighted these three vulnerabilities as meriting priority attention due to their severe implications. All three of these vulnerabilities allow for RCE, making them particularly dangerous and urgent to address. Microsoft has acknowledged the existence of CVE-2023-35365 and its associated vulnerabilities. It is recommended that users promptly apply patches provided by Microsoft to mitigate the risks posed by these vulnerabilities. Failing to do so could leave systems exposed to potential exploitation, with consequences ranging from unauthorized system access to potential data breaches.

Description last updated: 2024-05-04T17:25:43.661Z

What's your take? (Question 1 of 2)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Aliases We are not currently tracking any aliases

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Windows

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Associated Vulnerabilities

To see the evidence that has resulted in these vulnerability associations, create a free account

Alias Description	Association Type	Votes
The vulnerability CVE-2023-35366 is associated with CVE-2023-35365.	Unspecified	2
The vulnerability CVE-2023-35367 is associated with CVE-2023-35365.	Unspecified	2

Source Document References

Information about the CVE-2023-35365 Vulnerability was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
CERT-EU	a year ago	Tripwire Patch Priority Index for July 2023
CrowdStrike	2 years ago	July 2023 Patch Tuesday: Updates and Analysis \| CrowdStrike
CERT-EU	2 years ago	Four zero-days make July 's Patch Tuesday a 'patch now' update
CERT-EU	2 years ago	Microsoft Scorches 132 Flaws in July's Security Patch -- Redmondmag.com
CERT-EU	2 years ago	GovCERT.HK - Security Alerts
CERT-EU	2 years ago	Patch Tuesday. Four zero-days fixed, one mitigated in Microsoft's largest update this year
CERT-EU	2 years ago	Вторник патчей: Microsoft закрыла шесть уязвимостей, используемых в
CERT-EU	2 years ago	Лазейка в Windows позволила загружать вредоносные драйверы уровня ядра
CERT-EU	2 years ago	Microsoft scrambles zero-day fixes in bumper patch crop
CERT-EU	2 years ago	Microsoft and Adobe Patch Tuesday, July 2023 Security Update Review \| Qualys Security Blog
DARKReading	2 years ago	Microsoft Discloses 5 Zero-Days in Voluminous July Security Update