CVE-2023-33163 - Vulnerability Details - OpenCVE

Windows Network Load Balancing Remote Code Execution Vulnerability

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Microsoft	Windows Server 2008 Windows Server 2012 Windows Server 2016 Windows Server 2019 Windows Server 2022

Configuration 1 [-]

OR	cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:::::x64:*
	cpe:2.3:o:microsoft:windows_server_2012:-:::::::*
	cpe:2.3:o:microsoft:windows_server_2012:r2:::::::*
	cpe:2.3:o:microsoft:windows_server_2016:-:::::::*
	cpe:2.3:o:microsoft:windows_server_2019:-:::::::*
	cpe:2.3:o:microsoft:windows_server_2022:-:::::::*

No data.

References

Link	Providers
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33163

History

Wed, 01 Jan 2025 03:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Wed, 01 Jan 2025 02:15:00 +0000

Type	Values Removed	Values Added
CPEs	cpe:2.3:o:microsoft:windows_server_2008_R2:6.1.7601.26623::::::x64: cpe:2.3:o:microsoft:windows_server_2012:6.2.9200.24374::::::x64: cpe:2.3:o:microsoft:windows_server_2012_R2:6.3.9600.21063::::::x64: cpe:2.3:o:microsoft:windows_server_2012_R2:6.3.9600.21075::::::x64: cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.6085:::::::* cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.4645:::::::* cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1850:::::::*
Vendors & Products	Microsoft windows Server 2008 R2 Microsoft windows Server 2012 R2

MITRE

Status: PUBLISHED

Assigner: microsoft

Published: 2023-07-11T17:03:12.030Z

Updated: 2025-01-01T01:52:47.454Z

Reserved: 2023-05-17T21:16:44.901Z

Link: CVE-2023-33163

Vulnrichment

Updated: 2024-08-02T15:39:35.401Z

NVD

Status : Modified

Published: 2023-07-11T18:15:15.257

Modified: 2024-11-21T08:05:00.990

Link: CVE-2023-33163

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-33163", "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "state": "PUBLISHED", "assignerShortName": "microsoft", "dateReserved": "2023-05-17T21:16:44.901Z", "datePublished": "2023-07-11T17:03:12.030Z", "dateUpdated": "2025-01-01T01:52:47.454Z"}, "containers": {"cna": {"title": "Windows Network Load Balancing Remote Code Execution Vulnerability", "datePublic": "2023-07-11T07:00:00+00:00", "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*", "versionStartIncluding": "10.0.17763.0", "versionEndExcluding": "10.0.17763.4645"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*", "versionStartIncluding": "10.0.17763.0", "versionEndExcluding": "10.0.17763.4645"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*", "versionStartIncluding": "10.0.20348.0", "versionEndExcluding": "10.0.20348.1850"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*", "versionStartIncluding": "10.0.14393.0", "versionEndExcluding": "10.0.14393.6085"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*", "versionStartIncluding": "10.0.14393.0", "versionEndExcluding": "10.0.14393.6085"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_server_2008_R2:*:*:*:*:*:*:x64:*", "versionStartIncluding": "6.1.7601.0", "versionEndExcluding": "6.1.7601.26623"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_server_2008_R2:*:*:*:*:*:*:x64:*", "versionStartIncluding": "6.1.7601.0", "versionEndExcluding": "6.1.7601.26623"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*", "versionStartIncluding": "6.2.9200.0", "versionEndExcluding": "6.2.9200.24374"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*", "versionStartIncluding": "6.2.9200.0", "versionEndExcluding": "6.2.9200.24374"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:*", "versionStartIncluding": "6.3.9600.0", "versionEndExcluding": "6.3.9600.21063"}, {"vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:*", "versionStartIncluding": "6.3.9600.0", "versionEndExcluding": "6.3.9600.21063"}]}]}], "affected": [{"vendor": "Microsoft", "product": "Windows Server 2019", "platforms": ["x64-based Systems"], "versions": [{"version": "10.0.17763.0", "lessThan": "10.0.17763.4645", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Windows Server 2019 (Server Core installation)", "platforms": ["x64-based Systems"], "versions": [{"version": "10.0.17763.0", "lessThan": "10.0.17763.4645", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Windows Server 2022", "platforms": ["x64-based Systems"], "versions": [{"version": "10.0.20348.0", "lessThan": "10.0.20348.1850", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Windows Server 2016", "platforms": ["x64-based Systems"], "versions": [{"version": "10.0.14393.0", "lessThan": "10.0.14393.6085", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Windows Server 2016 (Server Core installation)", "platforms": ["x64-based Systems"], "versions": [{"version": "10.0.14393.0", "lessThan": "10.0.14393.6085", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Windows Server 2008 R2 Service Pack 1", "platforms": ["x64-based Systems"], "versions": [{"version": "6.1.7601.0", "lessThan": "6.1.7601.26623", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Windows Server 2008 R2 Service Pack 1 (Server Core installation)", "platforms": ["x64-based Systems"], "versions": [{"version": "6.1.7601.0", "lessThan": "6.1.7601.26623", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Windows Server 2012", "platforms": ["x64-based Systems"], "versions": [{"version": "6.2.9200.0", "lessThan": "6.2.9200.24374", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Windows Server 2012 (Server Core installation)", "platforms": ["x64-based Systems"], "versions": [{"version": "6.2.9200.0", "lessThan": "6.2.9200.24374", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Windows Server 2012 R2", "platforms": ["x64-based Systems"], "versions": [{"version": "6.3.9600.0", "lessThan": "6.3.9600.21063", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Windows Server 2012 R2 (Server Core installation)", "platforms": ["x64-based Systems"], "versions": [{"version": "6.3.9600.0", "lessThan": "6.3.9600.21063", "versionType": "custom", "status": "affected"}]}], "descriptions": [{"value": "Windows Network Load Balancing Remote Code Execution Vulnerability", "lang": "en-US"}], "problemTypes": [{"descriptions": [{"description": "CWE-591: Sensitive Data Storage in Improperly Locked Memory", "lang": "en-US", "type": "CWE", "cweId": "CWE-591"}]}], "providerMetadata": {"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft", "dateUpdated": "2025-01-01T01:52:47.454Z"}, "references": [{"name": "Windows Network Load Balancing Remote Code Execution Vulnerability", "tags": ["vendor-advisory"], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33163"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "baseSeverity": "HIGH", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C"}}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-23T18:55:47.491555Z", "id": "CVE-2023-33163", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-23T18:55:56.914Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T15:39:35.401Z"}, "title": "CVE Program Container", "references": [{"name": "Windows Network Load Balancing Remote Code Execution Vulnerability", "tags": ["vendor-advisory", "x_transferred"], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33163"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33163", "name": "Windows Network Load Balancing Remote Code Execution Vulnerability", "tags": ["vendor-advisory", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T15:39:35.401Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-33163", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-07-23T18:55:47.491555Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-19T19:16:15.562Z"}}], "cna": {"title": "Windows Network Load Balancing Remote Code Execution Vulnerability", "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C"}, "scenarios": [{"lang": "en-US", "value": "GENERAL"}]}], "affected": [{"vendor": "Microsoft", "product": "Windows Server 2019", "versions": [{"status": "affected", "version": "10.0.17763.0", "lessThan": "10.0.17763.4645", "versionType": "custom"}], "platforms": ["x64-based Systems"]}, {"vendor": "Microsoft", "product": "Windows Server 2019 (Server Core installation)", "versions": [{"status": "affected", "version": "10.0.17763.0", "lessThan": "10.0.17763.4645", "versionType": "custom"}], "platforms": ["x64-based Systems"]}, {"vendor": "Microsoft", "product": "Windows Server 2022", "versions": [{"status": "affected", "version": "10.0.20348.0", "lessThan": "10.0.20348.1850", "versionType": "custom"}], "platforms": ["x64-based Systems"]}, {"vendor": "Microsoft", "product": "Windows Server 2016", "versions": [{"status": "affected", "version": "10.0.14393.0", "lessThan": "10.0.14393.6085", "versionType": "custom"}], "platforms": ["x64-based Systems"]}, {"vendor": "Microsoft", "product": "Windows Server 2016 (Server Core installation)", "versions": [{"status": "affected", "version": "10.0.14393.0", "lessThan": "10.0.14393.6085", "versionType": "custom"}], "platforms": ["x64-based Systems"]}, {"vendor": "Microsoft", "product": "Windows Server 2008 R2 Service Pack 1", "versions": [{"status": "affected", "version": "6.1.7601.0", "lessThan": "6.1.7601.26623", "versionType": "custom"}], "platforms": ["x64-based Systems"]}, {"vendor": "Microsoft", "product": "Windows Server 2008 R2 Service Pack 1 (Server Core installation)", "versions": [{"status": "affected", "version": "6.1.7601.0", "lessThan": "6.1.7601.26623", "versionType": "custom"}], "platforms": ["x64-based Systems"]}, {"vendor": "Microsoft", "product": "Windows Server 2012", "versions": [{"status": "affected", "version": "6.2.9200.0", "lessThan": "6.2.9200.24374", "versionType": "custom"}], "platforms": ["x64-based Systems"]}, {"vendor": "Microsoft", "product": "Windows Server 2012 (Server Core installation)", "versions": [{"status": "affected", "version": "6.2.9200.0", "lessThan": "6.2.9200.24374", "versionType": "custom"}], "platforms": ["x64-based Systems"]}, {"vendor": "Microsoft", "product": "Windows Server 2012 R2", "versions": [{"status": "affected", "version": "6.3.9600.0", "lessThan": "6.3.9600.21063", "versionType": "custom"}], "platforms": ["x64-based Systems"]}, {"vendor": "Microsoft", "product": "Windows Server 2012 R2 (Server Core installation)", "versions": [{"status": "affected", "version": "6.3.9600.0", "lessThan": "6.3.9600.21063", "versionType": "custom"}], "platforms": ["x64-based Systems"]}], "datePublic": "2023-07-11T07:00:00+00:00", "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33163", "name": "Windows Network Load Balancing Remote Code Execution Vulnerability", "tags": ["vendor-advisory"]}], "descriptions": [{"lang": "en-US", "value": "Windows Network Load Balancing Remote Code Execution Vulnerability"}], "problemTypes": [{"descriptions": [{"lang": "en-US", "type": "CWE", "cweId": "CWE-591", "description": "CWE-591: Sensitive Data Storage in Improperly Locked Memory"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "10.0.17763.4645", "versionStartIncluding": "10.0.17763.0"}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "10.0.17763.4645", "versionStartIncluding": "10.0.17763.0"}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "10.0.20348.1850", "versionStartIncluding": "10.0.20348.0"}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "10.0.14393.6085", "versionStartIncluding": "10.0.14393.0"}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "10.0.14393.6085", "versionStartIncluding": "10.0.14393.0"}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2008_R2:*:*:*:*:*:*:x64:*", "vulnerable": true, "versionEndExcluding": "6.1.7601.26623", "versionStartIncluding": "6.1.7601.0"}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2008_R2:*:*:*:*:*:*:x64:*", "vulnerable": true, "versionEndExcluding": "6.1.7601.26623", "versionStartIncluding": "6.1.7601.0"}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*", "vulnerable": true, "versionEndExcluding": "6.2.9200.24374", "versionStartIncluding": "6.2.9200.0"}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*", "vulnerable": true, "versionEndExcluding": "6.2.9200.24374", "versionStartIncluding": "6.2.9200.0"}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:*", "vulnerable": true, "versionEndExcluding": "6.3.9600.21063", "versionStartIncluding": "6.3.9600.0"}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:*", "vulnerable": true, "versionEndExcluding": "6.3.9600.21063", "versionStartIncluding": "6.3.9600.0"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft", "dateUpdated": "2025-01-01T01:52:47.454Z"}}}, "cveMetadata": {"cveId": "CVE-2023-33163", "state": "PUBLISHED", "dateUpdated": "2025-01-01T01:52:47.454Z", "dateReserved": "2023-05-17T21:16:44.901Z", "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "datePublished": "2023-07-11T17:03:12.030Z", "assignerShortName": "microsoft"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", "matchCriteriaId": "821614DD-37DD-44E2-A8A4-FE8D23A33C3C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Windows Network Load Balancing Remote Code Execution Vulnerability"}], "id": "CVE-2023-33163", "lastModified": "2024-11-21T08:05:00.990", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 5.9, "source": "secure@microsoft.com", "type": "Secondary"}]}, "published": "2023-07-11T18:15:15.257", "references": [{"source": "secure@microsoft.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33163"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33163"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-591"}], "source": "secure@microsoft.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}