Integer overflow or wraparound in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network.
Attack Parameters
Attack Vector
Network
Can be exploited remotely
Attack Complexity
Low
Easy to exploit
Privileges Required
Low
Basic privileges needed
User Interaction
Required
User action required
Impact Assessment
Confidentiality
High
Complete data leak
Integrity
High
Complete data modification
Availability
High
Complete denial of service
CVSS Vector v3.1
Weakness Type (CWE)
Vulnerable Products 6
| Configuration | From (including) | Up to (excluding) |
|---|---|---|
|
Microsoft Windows_Server_2012
cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:standard:*:x64:*
|
— |
6.2.9200.25973
|
|
Microsoft Windows_Server_2012
cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
|
— | — |
|
Microsoft Windows_Server_2016
cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:-:*:x64:*
|
— |
10.0.14393.8957
|
|
Microsoft Windows_Server_2019
cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:-:*:x64:*
|
— |
10.0.17763.8511
|
|
Microsoft Windows_Server_2022
cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:-:*:x64:*
|
— |
10.0.20348.4893
|
|
Microsoft Windows_Server_2025
cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:-:*:x64:*
|
— |
10.0.26100.32522
|