CVE-2023-38152: DHCP Server Service Information Disclosure Vulnerability
Overview
- Severity
- Medium (CVSS 5.3)
- CVSS Vector
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
- Category
- Information Disclosure
- Exploit Status
- Not Exploited
- Exploitation Likelihood
- More Likely
- Patch Tuesday
- 2023-Sep
- Released
- 2023-09-12
- EPSS Score
- 2.39% (percentile: 85.0%)
FAQ
What type of information could be disclosed by this vulnerability?
Exploiting this vulnerability could allow the disclosure of initialized or uninitialized memory in the process heap.
According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L) but have no effect on integrity (I:N) or on availability (A:N). What does that mean for this vulnerability?
An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality) but not all resources within the impacted component may be divulged to the attacker. The attacker cannot make changes to disclosed information (Integrity) or limit access to the resource (Availability).
Affected Products (16)
Windows
- Windows Server 2019
- Windows Server 2019 (Server Core installation)
- Windows Server 2022
- Windows Server 2022 (Server Core installation)
- Windows Server 2016
- Windows Server 2016 (Server Core installation)
ESU
- Windows Server 2008 for 32-bit Systems Service Pack 2
- Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
- Windows Server 2008 for x64-based Systems Service Pack 2
- Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
- Windows Server 2008 R2 for x64-based Systems Service Pack 1
- Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
- Windows Server 2012
- Windows Server 2012 (Server Core installation)
- Windows Server 2012 R2
- Windows Server 2012 R2 (Server Core installation)
Security Updates (12)
Acknowledgments
YanZiShuang@BigCJTeam of cyberkl
Revision History
- 2023-09-12: Information published.