CVE-2023-21691

Q: What is the severity of CVE-2023-21691?

CVE-2023-21691 has a CVSS score of 7.5 (HIGH). This vulnerability in Microsoft's Protected Extensible Authentication Protocol (PEAP) allows an attacker to disclose sensitive information from memory. It affects systems using PEAP for authentication, particularly Windows servers and clients configured with PEAP. Attackers could potentially access credentials or other sensitive data.

7.5 HIGH

📋 TL;DR

This vulnerability in Microsoft's Protected Extensible Authentication Protocol (PEAP) allows an attacker to disclose sensitive information from memory. It affects systems using PEAP for authentication, particularly Windows servers and clients configured with PEAP. Attackers could potentially access credentials or other sensitive data.

💻 Affected Systems

Products:

Windows Server
Windows Client

Versions: Multiple Windows versions - check Microsoft advisory for specific affected versions

Operating Systems: Windows

Default Config Vulnerable: ✅ No

Notes: Only affects systems using PEAP for authentication. Systems not using PEAP or using other authentication methods are not vulnerable.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

An attacker could extract authentication credentials or other sensitive information from memory, leading to credential theft and potential lateral movement within the network.

🟠

Likely Case

Information disclosure of memory contents that may include authentication-related data or system information.

🟢

If Mitigated

Limited impact with proper network segmentation and monitoring, though information disclosure still occurs.

🌐 Internet-Facing: MEDIUM - Requires attacker to be on the network path between client and server during PEAP authentication.

🏢 Internal Only: HIGH - Internal attackers or compromised systems on the network could exploit this during authentication attempts.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Requires network access and ability to intercept/modify PEAP authentication traffic. Attacker needs to be positioned on the network path.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Microsoft's monthly security updates for January 2023 or later

Vendor Advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21691

Restart Required: Yes

Instructions:

1. Apply the latest Windows security updates from Microsoft. 2. Restart affected systems. 3. Verify the patch is applied using Windows Update history or system information.

🔧 Temporary Workarounds

Disable PEAP authentication

windows

Switch to alternative authentication methods that don't use PEAP

Configure network policies to use EAP-TLS or other non-PEAP methods

Network segmentation

all

Isolate authentication traffic to prevent interception

Implement VLAN segmentation for authentication servers and clients

🧯 If You Can't Patch

Implement strict network monitoring for unusual authentication patterns
Use network encryption (IPsec) to protect authentication traffic

🔍 How to Verify

Check if Vulnerable:

Check if system uses PEAP for authentication in network policies and verify Windows version against affected versions list

Check Version:

wmic os get caption, version, buildnumber

Verify Fix Applied:

Verify Windows Update history shows the January 2023 or later security updates are installed

📡 Detection & Monitoring

Log Indicators:

Unusual authentication failures
Multiple authentication attempts from same source
PEAP protocol errors in event logs

Network Indicators:

Unusual traffic patterns during authentication
PEAP protocol manipulation attempts

SIEM Query:

EventID=6272 OR EventID=6273 with PEAP authentication failures

📊 Metadata

CVE ID: CVE-2023-21691

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE: CWE-125

Published: February 14, 2023

Last Updated: November 21, 2024

🔗 References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21691 Patch,Vendor Advisory
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21691 Patch,Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Windows 10 1507 by Microsoft

Windows 10 1507 by Microsoft

Windows 10 1607 by Microsoft

Windows 10 1607 by Microsoft

Windows 10 1809 by Microsoft

Windows 10 1809 by Microsoft

Windows 10 1809 by Microsoft

Windows 10 20h2 by Microsoft

Windows 10 20h2 by Microsoft

Windows 10 20h2 by Microsoft

Windows 10 21h2 by Microsoft

Windows 10 21h2 by Microsoft

Windows 10 21h2 by Microsoft

Windows 10 22h2 by Microsoft

Windows 10 22h2 by Microsoft

Windows 10 22h2 by Microsoft

Windows 11 21h2 by Microsoft

Windows 11 21h2 by Microsoft

Windows 11 22h2 by Microsoft

Windows 11 22h2 by Microsoft

Windows Server 2008 by Microsoft

Windows Server 2008 by Microsoft

Windows Server 2008 by Microsoft

Windows Server 2012 by Microsoft

Windows Server 2012 by Microsoft

Windows Server 2016 by Microsoft

Windows Server 2019 by Microsoft

Windows Server 2022 by Microsoft

⚠️ Risk & Real-World Impact

Worst Case

Likely Case

If Mitigated

🎯 Exploit Status

🛠️ Fix & Mitigation

✅ Official Fix

Instructions:

🔧 Temporary Workarounds

Disable PEAP authentication

Network segmentation

🧯 If You Can't Patch

🔍 How to Verify

Check if Vulnerable:

Check Version:

Verify Fix Applied:

📡 Detection & Monitoring

Log Indicators:

Network Indicators:

SIEM Query:

📊 Metadata

🔗 References

📤 Share & Export

🔗 Related Vulnerabilities