Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
kasperskyKaspersky LabKLA61541
HistoryOct 19, 2023 - 12:00 a.m.

KLA61541 Multiple vulnerabilities in Microsoft Windows

2023-10-1900:00:00
Kaspersky Lab
threats.kaspersky.com
48
microsoft windows
vulnerabilities
exploits
privileges
arbitrary code
public exploits
windows 10
windows server
windows 11
kb list.

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

AI Score

Confidence

High

0.009 Low

EPSS

Percentile

83.1%

JSON

Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to gain privileges, execute arbitrary code.

Below is a complete list of vulnerabilities:

  1. An elevation of privilege vulnerability in curl can be exploited remotely to gain privileges.
  2. A remote code execution vulnerability in curl can be exploited remotely to execute arbitrary code.

Original advisories

CVE-2023-38039

CVE-2023-38545

Exploitation

Public exploits exist for this vulnerability.

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Related products

Microsoft-Windows

Microsoft-Windows-Server

Microsoft-Windows-10

Microsoft-Windows-Server-2019

Microsoft-Windows-11

CVE list

CVE-2023-38039 critical

CVE-2023-38545 critical

KB list

5032189

5032198

5032196

5032192

5032190

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Impacts

  • ACE

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.

  • SB

Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.

  • PE

Privilege escalation. Exploitation of vulnerabilities with this impact can lead to performing by abuser actions, which are normally disallowed for current role.

  • XSS/CSS

Cross site scripting. Exploitation of vulnerabilities with this impact can lead to partial interception of information transmitted between user and site.

Affected Products

  • Windows 10 Version 22H2 for ARM64-based SystemsWindows Server 2019Windows 10 Version 22H2 for x64-based SystemsWindows 10 Version 22H2 for 32-bit SystemsWindows 10 Version 21H2 for ARM64-based SystemsWindows 11 Version 23H2 for x64-based SystemsWindows 10 Version 1809 for x64-based SystemsWindows Server 2019 (Server Core installation)Windows 11 version 21H2 for ARM64-based SystemsWindows 10 Version 21H2 for 32-bit SystemsWindows 11 Version 22H2 for x64-based SystemsWindows 11 version 21H2 for x64-based SystemsWindows 10 Version 1809 for ARM64-based SystemsWindows 11 Version 23H2 for ARM64-based SystemsWindows 10 Version 21H2 for x64-based SystemsWindows Server 2022Windows 10 Version 1809 for 32-bit SystemsWindows Server 2022 (Server Core installation)Windows 11 Version 22H2 for ARM64-based Systems

Related

ibm 11
nessus 56
hackerone 4
freebsd 2
cbl_mariner 7
cve 2
osv 10
openvas 32
fedora 6
slackware 2
redhatcve 2
cvelist 2
veracode 2
mscve 2
prion 2
alpinelinux 2
nvd 2
ubuntucve 2
ubuntu 3
wizblog 1
githubexploit 7
broadcom 1
cnvd 1
f5 1
amazon 2
kaspersky 1
debiancve 2
cgr 1
veeam 1
rosalinux 1
redhat 5
wolfi 1
photon 6
ics 1
aix 1
almalinux 2
debian 1
thn 2
paloalto 1
mageia 1
cisco 1
rocky 1
redos 1
oraclelinux 2
cloudfoundry 1
qualysblog 1
apple 1
ibm
ibm
Security Bulletin: Multiple vulnerabilities in libcURL affect IBM Rational ClearCase.
2024-03-13 14:31:39
Security Bulletin: Multiple publicly disclosed libcurl vulnerabilities affect IBM Safer Payments
2024-04-04 10:41:34
Security Bulletin: Multiple vulnerabilities in Curl affect PowerSC
2023-12-20 19:15:09
nessus
nessus
SUSE SLES12 Security Update : curl (SUSE-SU-2023:3692-1)
2023-09-21 00:00:00
Slackware Linux 14.0 / 14.1 / 14.2 / 15.0 / current curl Vulnerability (SSA:2023-256-01)
2023-09-14 00:00:00
Fedora 39 : curl (2023-43ef9f5376)
2023-11-07 00:00:00
hackerone
hackerone
curl: CVE-2023-38039: HTTP header allocation DOS
2023-07-17 12:43:20
curl: [Critical] Curl CVE-2023-38545 vulnerability code changes are disclosed on the internet
2023-10-10 04:25:20
curl: CVE-2023-38545: socks5 heap buffer overflow
2023-09-30 08:26:30
freebsd
freebsd
curl -- HTTP headers eat all memory
2023-09-13 00:00:00
curl -- SOCKS5 heap buffer overflow
2023-09-30 00:00:00
cbl_mariner
cbl_mariner
CVE-2023-38039 affecting package curl for versions less than 8.3.0-1
2023-10-11 01:41:59
CVE-2023-38039 affecting package mysql for versions less than 8.0.35-1
2023-11-30 20:33:05
CVE-2023-38039 affecting package tensorflow for versions less than 2.16.1-1
2024-04-17 22:02:46
cve
cve
CVE-2023-38039
2023-09-15 04:15:10
CVE-2023-38545
2023-10-18 04:15:11
osv
osv
CVE-2023-38039
2023-09-15 04:15:10
HTTP headers eat all memory
2023-09-13 08:00:00
CVE-2023-38545
2023-10-18 04:15:11
openvas
openvas
openSUSE: Security Advisory for curl (SUSE-SU-2023:3823-1)
2024-03-04 00:00:00
Slackware: Security Advisory (SSA:2023-256-01)
2023-09-14 00:00:00
SUSE: Security Advisory (SUSE-SU-2023:3692-1)
2023-09-21 00:00:00
fedora
fedora
[SECURITY] Fedora 38 Update: curl-8.0.1-4.fc38
2023-09-16 01:29:15
[SECURITY] Fedora 37 Update: curl-7.85.0-11.fc37
2023-09-26 01:33:43
[SECURITY] Fedora 39 Update: curl-8.2.1-2.fc39
2023-09-26 00:19:05
slackware
slackware
[slackware-security] curl
2023-09-14 02:14:25
[slackware-security] curl
2023-10-11 06:45:13
redhatcve
redhatcve
CVE-2023-38039
2023-09-15 12:24:22
CVE-2023-38545
2023-10-11 07:12:30
cvelist
cvelist
CVE-2023-38039
2023-09-15 03:21:54
CVE-2023-38545
2023-10-18 03:52:00
veracode
veracode
Denial Of Service (DoS)
2023-10-02 20:08:01
Heap Buffer Overflow
2023-10-11 14:40:13
mscve
mscve
Hackerone: CVE-2023-38039 HTTP headers eat all memory
2023-10-19 07:00:00
Hackerone: CVE-2023-38545 SOCKS5 heap buffer overflow
2023-10-19 07:00:00
prion
prion
Design/Logic Flaw
2023-09-15 04:15:00
Heap overflow
2023-10-18 04:15:00
alpinelinux
alpinelinux
CVE-2023-38039
2023-09-15 04:15:10
CVE-2023-38545
2023-10-18 04:15:11
nvd
nvd
CVE-2023-38039
2023-09-15 04:15:10
CVE-2023-38545
2023-10-18 04:15:11
ubuntucve
ubuntucve
CVE-2023-38039
2023-09-13 00:00:00
CVE-2023-38545
2023-10-11 00:00:00
ubuntu
ubuntu
curl vulnerability
2023-09-13 00:00:00
curl vulnerabilities
2023-10-17 00:00:00
curl vulnerabilities
2023-10-11 00:00:00
wizblog
wizblog
CVE-2023-38545 high severity vulnerability in cURL: everything you need to know
2023-10-11 16:56:35
githubexploit
githubexploit
Exploit for Out-of-bounds Write in Haxx Libcurl
2023-10-12 16:48:26
Exploit for Out-of-bounds Write in Haxx Libcurl
2023-10-16 15:55:32
Exploit for Out-of-bounds Write in Haxx Libcurl
2023-10-12 07:39:15
broadcom
broadcom
SOCKS5 heap buffer overflow (CVE-2023-38545)
2023-10-16 00:00:00
cnvd
cnvd
cURL SOCKS5 Heap Overflow Vulnerability
2023-10-11 00:00:00
f5
f5
K000137257 : cURL vulnerabilities CVE-2023-38545
2023-10-17 00:00:00
amazon
amazon
Important: curl
2023-09-27 22:48:00
Important: curl
2023-10-10 21:19:00
kaspersky
kaspersky
KLA61542 PE vulnerability in Microsoft Mariner
2023-10-19 00:00:00
debiancve
debiancve
CVE-2023-38039
2023-09-15 04:15:10
CVE-2023-38545
2023-10-18 04:15:11
cgr
cgr
CVE-2023-38545 vulnerabilities
2024-05-19 03:07:16
veeam
veeam
Vulnerability Scanner Detection Related to CVE-2023-38545
2023-12-12 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2024-2379
2024-03-26 11:18:17
redhat
redhat
(RHSA-2024:2011) Important: Satellite Client Async Security Update
2024-04-23 17:14:55
(RHSA-2023:5700) Important: curl security update
2023-10-13 21:38:55
(RHSA-2023:5763) Important: curl security update
2023-10-17 08:40:49
wolfi
wolfi
CVE-2023-38545 vulnerabilities
2024-06-29 09:08:33
photon
photon
Important Photon OS Security Update - PHSA-2023-5.0-0095
2023-09-14 00:00:00
Important Photon OS Security Update - PHSA-2023-4.0-0471
2023-09-14 00:00:00
Critical Photon OS Security Update - PHSA-2023-4.0-0487
2023-10-11 00:00:00
ics
ics
Rockwell Automation FactoryTalk Activation
2024-01-04 12:00:00
aix
aix
Multiple vulnerabilities in cURL libcurl affect AIX
2023-12-11 13:22:02
almalinux
almalinux
Important: curl security update
2023-11-07 00:00:00
Important: curl security update
2023-10-17 00:00:00
debian
debian
[SECURITY] [DSA 5523-1] curl security update
2023-10-11 06:58:41
thn
thn
Two High-Risk Security Flaws Discovered in Curl Library - New Patches Released
2023-10-12 04:39:00
Security Patch for Two New Flaws in Curl Library Arriving on October 11
2023-10-09 10:32:00
paloalto
paloalto
Impact of curl and libcurl Vulnerabilities (CVE-2023-38545, CVE-2023-38546)
2023-10-12 20:40:00
mageia
mageia
Updated the curl packages to fix two security vulnerabilities
2023-10-14 01:56:51
cisco
cisco
cURL and libcurl Vulnerability Affecting Cisco Products: October 2023
2023-10-12 16:00:00
rocky
rocky
curl security update
2023-10-24 18:36:52
redos
redos
ROS-20231016-05
2023-10-16 00:00:00
oraclelinux
oraclelinux
curl security update
2023-11-16 00:00:00
curl security update
2023-10-18 00:00:00
cloudfoundry
cloudfoundry
USN-6429-1: curl vulnerabilities | Cloud Foundry
2023-11-09 00:00:00
qualysblog
qualysblog
Curl 8.4.0 – Proactively Identifying Potential Vulnerable Assets
2023-10-06 00:14:06
apple
apple
About the security content of macOS Monterey 12.7.3
2024-01-22 00:00:00

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

AI Score

Confidence

High

0.009 Low

EPSS

Percentile

83.1%

JSON
Related for KLA61541
ibm11nessus56hackerone4freebsd2cbl_mariner7cve2osv10openvas32fedora6slackware2redhatcve2cvelist2veracode2mscve2prion2alpinelinux2nvd2ubuntucve2ubuntu3wizblog1githubexploit7broadcom1cnvd1f51amazon2kaspersky1debiancve2cgr1veeam1rosalinux1redhat5wolfi1photon6ics1aix1almalinux2debian1thn2paloalto1mageia1cisco1rocky1redos1oraclelinux2cloudfoundry1qualysblog1apple1