CVE-2023-35387

Published: Aug 8, 2023

Modified: Jan 1, 2025

PUBLISHED

CVSS v3.1

8.8

HIGH

Windows Bluetooth A2DP driver Elevation of Privilege Vulnerability

Vendor	Product	Versions
Microsoft	Windows 10 Version 1809	affected `10.0.17763.0 - < 10.0.17763.4737`
Microsoft	Windows 10 Version 1809	affected `10.0.0 - < 10.0.17763.4737`
Microsoft	Windows Server 2019	affected `10.0.17763.0 - < 10.0.17763.4737`
Microsoft	Windows Server 2019 (Server Core installation)	affected `10.0.17763.0 - < 10.0.17763.4737`
Microsoft	Windows 11 version 21H2	affected `10.0.0 - < 10.0.22000.2295`
Microsoft	Windows 10 Version 21H2	affected `10.0.19043.0 - < 10.0.19044.3324`
Microsoft	Windows 11 version 22H2	affected `10.0.22621.0 - < 10.0.22621.2134`
Microsoft	Windows 10 Version 22H2	affected `10.0.19045.0 - < 10.0.19045.3324`
Microsoft	Windows 10 Version 1507	affected `10.0.10240.0 - < 10.0.10240.20107`
Microsoft	Windows 10 Version 1607	affected `10.0.14393.0 - < 10.0.14393.6167`
Microsoft	Windows Server 2016	affected `10.0.14393.0 - < 10.0.14393.6167`
Microsoft	Windows Server 2016 (Server Core installation)	affected `10.0.14393.0 - < 10.0.14393.6167`
Microsoft	Windows Server 2012	affected `6.2.9200.0 - < 6.2.9200.24414`
Microsoft	Windows Server 2012 (Server Core installation)	affected `6.2.9200.0 - < 6.2.9200.24414`
Microsoft	Windows Server 2012 R2	affected `6.3.9600.0 - < 6.3.9600.21503`
Microsoft	Windows Server 2012 R2 (Server Core installation)	affected `6.3.9600.0 - < 6.3.9600.21503`

CVSS v3.1 Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

vendor-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.