CVE-2023-36028

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Nov 14, 2023
Updated: May 29, 2024
CWE ID 122

Summary

CVE-2023-36028 is a remote code execution vulnerability affecting Microsoft's Protected Extensible Authentication Protocol (PEAP). An attacker can exploit this issue by sending specially crafted PEAP packets to a target system, potentially gaining the ability to execute arbitrary code. Successful exploitation could lead to significant security risks, including data theft, unauthorized system access, or the installation of malware. Microsoft strongly recommends applying the available patch to mitigate this vulnerability. Organizations using PEAP for authentication should be aware of this critical issue and take immediate action to secure their networks. Exploitation of CVE-2023-36028 could result in a wide range of negative consequences, from minor inconveniences to severe data breaches. Microsoft has released a patch to address this vulnerability, and installing it is the most effective means of protection against potential attacks.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share