CVE-2023-36424

Analyzed

Published: 14 Nov 2023, 17:57

Last modified:14 Apr 2026, 03:55

Vulnerability Summary

Overall Risk (default)

medium

33/100

CVSS Score

7.8 HIGH

v3.1 (cve.org)

EPSS Score

11.2% MEDIUM

11% probability -9.09%

KEV

Listed

CISA

1 listing

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

14 Nov 2023, 17:57

Published

Vulnerability first disclosed

13 Apr 2026, 00:00

Added to CISA KEV

Microsoft Windows Out-of-Bounds Read Vulnerability

14 Apr 2026, 03:55

Last Modified

Vulnerability information updated

27 Apr 2026, 00:00

CISA Remediation Due

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Description

Windows Common Log File System Driver Elevation of Privilege Vulnerability

CVSS Metrics

v3.1•HIGH•Score: 7.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
v3.1•HIGH•Score: 7.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Trends

Current EPSS score: 11.20%• Percentile: 94%

Techniques & Countermeasures

CWE-125•Out-of-bounds Read
The product reads data past the end, or before the beginning, of the intended buffer.

Affected Systems

microsoft•windows_10_1507
< 10.0.10240.20308
microsoft•windows_10_1607
< 10.0.14393.6452
microsoft•windows_10_1809
< 10.0.17763.5122
microsoft•windows_10_21h2
< 10.0.19041.3693 | < 10.0.19044.3693
microsoft•windows_10_22h2
< 10.0.19045.3693
microsoft•windows 10 version 1507
≥ 10.0.10240.0, < 10.0.10240.20308
microsoft•windows 10 version 1607
≥ 10.0.14393.0, < 10.0.14393.6452
microsoft•windows 10 version 1809
≥ 10.0.17763.0, < 10.0.17763.5122 | ≥ 10.0.0, < 10.0.17763.5122
microsoft•windows 10 version 21h2
≥ 10.0.19043.0, < 10.0.19043.3693
microsoft•windows 10 version 22h2
≥ 10.0.19045.0, < 10.0.19045.3693
microsoft•windows_11_21h2
< 10.0.22000.2600
microsoft•windows_11_22h2
< 10.0.22621.2715
microsoft•windows_11_23h2
< 10.0.22631.2715
microsoft•windows 11 version 21h2
≥ 10.0.0, < 10.0.22000.2600
microsoft•windows 11 version 22h2
≥ 10.0.22621.0, < 10.0.22621.2715
microsoft•windows 11 version 22h3
≥ 10.0.22631.0, < 10.0.22631.2715
microsoft•windows 11 version 23h2
≥ 10.0.22631.0, < 10.0.22631.2715
microsoft•windows_server_2008
na | r2:sp1
microsoft•windows server 2008 service pack 2
≥ 6.0.6003.0, < 6.0.6003.22367
microsoft•windows server 2008 r2 service pack 1
≥ 6.1.7601.0, < 6.1.7601.26816
microsoft•windows server 2008 r2 service pack 1 (server core installation)
≥ 6.1.7601.0, < 6.1.7601.26816
microsoft•windows server 2008 service pack 2
≥ 6.0.6003.0, < 6.0.6003.22367
microsoft•windows server 2008 service pack 2 (server core installation)
≥ 6.0.6003.0, < 6.0.6003.22367
microsoft•windows_server_2012
≥ 6.2.9200.0, < 6.2.9200.24569 | na | r2
microsoft•windows server 2012 r2
≥ 6.3.9600.0, < 6.3.9600.21668
microsoft•windows server 2012 r2 (server core installation)
≥ 6.3.9600.0, < 6.3.9600.21668
microsoft•windows server 2012 (server core installation)
≥ 6.2.9200.0, < 6.2.9200.24569
microsoft•windows_server_2016
na | ≥ 10.0.14393.0, < 10.0.14393.6452 | < 10.0.14393.6452
microsoft•windows server 2016 (server core installation)
≥ 10.0.14393.0, < 10.0.14393.6452
microsoft•windows_server_2019
na | ≥ 10.0.17763.0, < 10.0.17763.5122 | < 10.0.17763.5122
microsoft•windows server 2019 (server core installation)
≥ 10.0.17763.0, < 10.0.17763.5122
microsoft•windows_server_2022
na | ≥ 10.0.20348.0, < 10.0.20348.2113 | < 10.0.20348.2091
microsoft•windows_server_2022_23h2
< 10.0.25398.531
microsoft•windows server 2022, 23h2 edition (server core installation)
≥ 10.0.25398.0, < 10.0.25398.531