Login Sign Up

CVE-2023-21689

9.8 CRITICAL
Remote Code Execution

📋 TL;DR

This vulnerability allows remote attackers to execute arbitrary code on systems running Microsoft's Protected Extensible Authentication Protocol (PEAP) without authentication. It affects Windows systems with PEAP enabled, potentially allowing complete system compromise.

💻 Affected Systems

Products:
  • Microsoft Windows
Versions: Windows 10, Windows 11, Windows Server 2016, Windows Server 2019, Windows Server 2022
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Systems with PEAP authentication enabled are vulnerable. This includes systems using PEAP for WiFi, VPN, or other network authentication.

📦 What is this software?

Windows 10 1507 by Microsoft

View all CVEs affecting Windows 10 1507 →

Windows 10 1507 by Microsoft

View all CVEs affecting Windows 10 1507 →

Windows 10 1607 by Microsoft

View all CVEs affecting Windows 10 1607 →

Windows 10 1607 by Microsoft

View all CVEs affecting Windows 10 1607 →

Windows 10 1809 by Microsoft

View all CVEs affecting Windows 10 1809 →

Windows 10 1809 by Microsoft

View all CVEs affecting Windows 10 1809 →

Windows 10 1809 by Microsoft

View all CVEs affecting Windows 10 1809 →

Windows 10 20h2 by Microsoft

View all CVEs affecting Windows 10 20h2 →

Windows 10 20h2 by Microsoft

View all CVEs affecting Windows 10 20h2 →

Windows 10 20h2 by Microsoft

View all CVEs affecting Windows 10 20h2 →

Windows 10 21h2 by Microsoft

View all CVEs affecting Windows 10 21h2 →

Windows 10 21h2 by Microsoft

View all CVEs affecting Windows 10 21h2 →

Windows 10 21h2 by Microsoft

View all CVEs affecting Windows 10 21h2 →

Windows 10 22h2 by Microsoft

View all CVEs affecting Windows 10 22h2 →

Windows 10 22h2 by Microsoft

View all CVEs affecting Windows 10 22h2 →

Windows 10 22h2 by Microsoft

View all CVEs affecting Windows 10 22h2 →

Windows 11 21h2 by Microsoft

View all CVEs affecting Windows 11 21h2 →

Windows 11 21h2 by Microsoft

View all CVEs affecting Windows 11 21h2 →

Windows 11 22h2 by Microsoft

View all CVEs affecting Windows 11 22h2 →

Windows 11 22h2 by Microsoft

View all CVEs affecting Windows 11 22h2 →

Windows Server 2008 by Microsoft

View all CVEs affecting Windows Server 2008 →

Windows Server 2008 by Microsoft

View all CVEs affecting Windows Server 2008 →

Windows Server 2008 by Microsoft

View all CVEs affecting Windows Server 2008 →

Windows Server 2012 by Microsoft

View all CVEs affecting Windows Server 2012 →

Windows Server 2012 by Microsoft

View all CVEs affecting Windows Server 2012 →

Windows Server 2016 by Microsoft

View all CVEs affecting Windows Server 2016 →

Windows Server 2019 by Microsoft

View all CVEs affecting Windows Server 2019 →

Windows Server 2022 by Microsoft

View all CVEs affecting Windows Server 2022 →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full system compromise with administrative privileges, enabling data theft, ransomware deployment, or persistent backdoor installation.

🟠

Likely Case

Remote code execution leading to credential harvesting, lateral movement within networks, or installation of malware.

🟢

If Mitigated

Limited impact if network segmentation isolates PEAP servers and strict access controls are enforced.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

CVSS 9.8 indicates critical severity with network-accessible, unauthenticated exploitation possible.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: January 2023 security updates

Vendor Advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21689

Restart Required: Yes

Instructions:

1. Apply January 2023 Windows security updates via Windows Update. 2. For enterprise environments, deploy updates through WSUS or SCCM. 3. Verify update installation and restart systems.

🔧 Temporary Workarounds

Disable PEAP authentication

windows

Temporarily disable PEAP authentication until patches can be applied

netsh wlan set profileparameter name="ProfileName" authentication=WPA2PSK

Network segmentation

all

Isolate PEAP servers from untrusted networks using firewalls

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate PEAP servers
  • Deploy intrusion detection systems to monitor for exploitation attempts

🔍 How to Verify

Check if Vulnerable:

Check if January 2023 security updates are installed via 'wmic qfe list' or Windows Update history

Check Version:

systeminfo | findstr /B /C:"OS Name" /C:"OS Version"

Verify Fix Applied:

Verify KB5022282 (or later) is installed and system has been restarted

📡 Detection & Monitoring

Log Indicators:

  • Unusual PEAP authentication failures
  • Unexpected process creation from network service accounts

Network Indicators:

  • Malformed PEAP packets
  • Unexpected connections to PEAP ports (UDP 1812/1813)

SIEM Query:

source="windows" AND (event_id=4625 OR event_id=4688) AND process_name="*" AND user="NETWORK SERVICE"

📊 Metadata

CVE ID: CVE-2023-21689
CVSS v3 Score: 9.8 (CRITICAL)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-122
Published: February 14, 2023
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-21689, you might also want to check these:

CVE-2021-21940 10.0

A heap-based buffer overflow vulnerability in Anker Eufy Homebase 2's RTSP handling allows remote co...

Same vulnerability type (CWE-122)
CVE-2023-45318 10.0

This critical vulnerability allows remote attackers to execute arbitrary code on systems running Wes...

Same vulnerability type (CWE-122)
CVE-2025-23123 10.0

A heap buffer overflow vulnerability in UniFi Protect Camera firmware allows remote code execution. ...

Same vulnerability type (CWE-122)