Microsoft Host Integration Server 2020 Remote Code Execution Vulnerability
CVE-2023-38151

8.8HIGH

Key Information:

Vendor: Microsoft
Status: Host Integration Server 2020
Vendor: CVE Published:; 14 November 2023

Summary

The vulnerability in Microsoft Host Integration Server 2020 allows an attacker to execute arbitrary code on the affected system remotely. Exploitation of this flaw can grant an attacker unauthorized access and control over the target server, potentially leading to data breaches and system compromise. Organizations using this product should prioritize updates to mitigate the associated risks.

Affected Version(s)

Host Integration Server 2020 Unknown 7.0

Host Integration Server 2020 Unknown 1.0.0

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Nov 14, 2023
Vulnerability Reserved
Jul 12, 2023