CVE-2023-36434

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Oct 10, 2023

Updated: May 29, 2024

CWE ID 307

Summary

CVE-2023-36434 is a newly disclosed vulnerability affecting Microsoft's Internet Information Services (IIS) server on Windows systems. This elevation of privilege weakness allows attackers to gain higher-level access to the server, potentially enabling them to install unauthorized software, view, change, or delete sensitive information, and take control of the affected system. Successful exploitation of this vulnerability requires a specially crafted request to be sent to a targeted IIS server. Microsoft has released a patch for this issue, and it is strongly recommended that all affected systems be updated as soon as possible to mitigate the risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Advisories, Assessments, and Mitigations

Back to Vulnerability Database