Windows IIS Server Elevation of Privilege Vulnerability

Windows IIS Server Elevation of Privilege Vulnerability

CVE-2023-36434 is an EoP vulnerability in Windows IIS server that was assigned a CVSSv3 score of 9.8 and rated as important.

According to Microsoft, exploitation of this vulnerability is achieved by an attacker brute forcing a user’s login credentials. Because the chances of success can vary greatly and are less likely when strong passwords are in place, Microsoft’s severity rating is important, despite the critical CVSS score.

Affected Systems

-

IoC’s

-

Recommended Solution(s)

-

CVE / CWE

CVE-2023-36434

Related Website(s)

• https://nvd.nist.gov/vuln/detail/CVE-2023-36434
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36434

* Vulnerabilities with a CVSS 3.1 score between 7.0 and 8.9 are evaluated to be “high” whereas vulnerabilities with a CVSS 3.1 score between 9.0 and 10.0 are evaluated to be “critical”.