Remote code execution in Microsoft Internet Connection Sharing (ICS)

1) Input validation error

EUVDB-ID: #VU80715

Risk: Medium

CVSSv4.0: 6.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-38148

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to insufficient validation of user-supplied input in Internet Connection Sharing (ICS). A remote attacker on the local network can pass specially crafted input to the application and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Windows Server: 2019 10.0.17763.1 - 2022 20H2

Windows: 10 - 11 22H2 10.0.22621.521

CPE2.3

• cpe:2.3:o:microsoft:windows_server:2019:10.0.17763.1:*:*:*:*:*:*
• cpe:2.3:o:microsoft:windows_server:2019_20H2:*:*:*:*:*:*:*
• cpe:2.3:o:microsoft:windows_server:2019_1709:*:*:*:*:*:*:*
• cpe:2.3:o:microsoft:windows_server:2019_1803:*:*:*:*:*:*:*
• cpe:2.3:o:microsoft:windows_server:2019_1903:*:*:*:*:*:*:*
• cpe:2.3:o:microsoft:windows_server:2019_1909:*:*:*:*:*:*:*
• cpe:2.3:o:microsoft:windows_server:2019_2004:*:*:*:*:*:*:*
• cpe:2.3:o:microsoft:windows_server:2022:10.0.20348.202:*:*:*:*:*:*
• cpe:2.3:o:microsoft:windows_server:2022:20H2:*:*:*:*:*:*
• cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*

External links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-38148

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.