Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability
CVE-2023-21543

8.1HIGH

Key Information:

Vendor: Microsoft
Status: Windows 10 Version 1809; Windows Server 2019; Windows Server 2019 (server Core Installation); Windows Server 2022
Vendor: CVE Published:; 10 January 2023

Summary

A vulnerability in the Windows Layer 2 Tunneling Protocol (L2TP) allows a remote attacker to execute arbitrary code on the affected system. Exploitation of this vulnerability could lead to significant security risks, potentially compromising sensitive data and system integrity. Organizations using Windows-based systems should apply patches and updates as recommended to mitigate the risk associated with this vulnerability.

Affected Version(s)

Windows 10 Version 1507 32-bit Systems 10.0.10240.0 < 10.0.10240.19685

Windows 10 Version 1607 32-bit Systems 10.0.14393.0 < 10.0.14393.5648

Windows 10 Version 1809 32-bit Systems 10.0.17763.0 < 10.0.17763.3887

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 10, 2023
Vulnerability Reserved
Dec 1, 2022