SB2023101043 - Multiple remote code execution vulnerabilities in Microsoft Windows L2TP
Published: October 10, 2023
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 9 vulnerabilities.
1) Use-after-free (CVE-ID: CVE-2023-41765)
CWE-ID: CWE-416 - Use After Free
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Red
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the Layer 2 Tunneling protocol (L2TP) implementation in Routing and Remote Access Service (RRAS) server. A remote attacker can send specially crafted packets to the system to trigger a race condition and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
2) Use-after-free (CVE-ID: CVE-2023-41768)
CWE-ID: CWE-416 - Use After Free
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Red
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the Layer 2 Tunneling protocol (L2TP) implementation in Routing and Remote Access Service (RRAS) server. A remote attacker can send specially crafted packets to the system to trigger a race condition and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
3) Use-after-free (CVE-ID: CVE-2023-41771)
CWE-ID: CWE-416 - Use After Free
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Red
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the Layer 2 Tunneling protocol (L2TP) implementation in Routing and Remote Access Service (RRAS) server. A remote attacker can send specially crafted packets to the system to trigger a race condition and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
4) Use-after-free (CVE-ID: CVE-2023-41769)
CWE-ID: CWE-416 - Use After Free
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Red
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the Layer 2 Tunneling protocol (L2TP) implementation in Routing and Remote Access Service (RRAS) server. A remote attacker can send specially crafted packets to the system to trigger a race condition and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
5) Use-after-free (CVE-ID: CVE-2023-41773)
CWE-ID: CWE-416 - Use After Free
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Red
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the Layer 2 Tunneling protocol (L2TP) implementation in Routing and Remote Access Service (RRAS) server. A remote attacker can send specially crafted packets to the system to trigger a race condition and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
6) Use-after-free (CVE-ID: CVE-2023-41774)
CWE-ID: CWE-416 - Use After Free
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Red
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the Layer 2 Tunneling protocol (L2TP) implementation in Routing and Remote Access Service (RRAS) server. A remote attacker can send specially crafted packets to the system to trigger a race condition and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
7) Use-after-free (CVE-ID: CVE-2023-38166)
CWE-ID: CWE-416 - Use After Free
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Red
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the Layer 2 Tunneling protocol (L2TP) implementation in Routing and Remote Access Service (RRAS) server. A remote attacker can send specially crafted packets to the system to trigger a race condition and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
8) Use-after-free (CVE-ID: CVE-2023-41770)
CWE-ID: CWE-416 - Use After Free
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Red
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the Layer 2 Tunneling protocol (L2TP) implementation in Routing and Remote Access Service (RRAS) server. A remote attacker can send specially crafted packets to the system to trigger a race condition and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
9) Use-after-free (CVE-ID: CVE-2023-41767)
CWE-ID: CWE-416 - Use After Free
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Red
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the Layer 2 Tunneling protocol (L2TP) implementation in Routing and Remote Access Service (RRAS) server. A remote attacker can send specially crafted packets to the system to trigger a race condition and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
Remediation
Install update from vendor's website.
References
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-41765
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-41768
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-41771
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-41769
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-41773
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-41774
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-38166
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-41770
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-41767