CVE-2023-36424

HIGH

Windows Common Log File System Driver Elevation of Privilege Vulnerability

CVSS v3.1 Score

7.8

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Complexity

LOW

Privileges

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Published: 11/14/2023Modified: 4/14/2026

Related Intelligence (2)

LOWVulnerability

CISA Adds Seven Known Exploited Vulnerabilities to Catalog

<p>CISA has added seven new vulnerabilities to its <a href="/known-exploited-vulnerabilities-catalog" data-entity-type="node" data-entity-uuid="79453b83-86b9-4e2f-b1ec-abf73c6eb291" data-entity-substitution="canonical" title="Known Exploited Vulnerabilities Catalog">Known Exploited Vulnerabilities (KEV) Catalog</a>, based on evidence of active exploitation.</p> <ul> <li><a href="https://www.cve.or

CVE-2012-1854CVE-2020-9715

Apr 13, 2026CISA Advisories

HIGHVulnerability

CISA KEV: Microsoft Windows — Microsoft Windows Out-of-Bounds Read Vulnerability

Microsoft Windows Common Log File System Driver contains an out-of-bounds read vulnerability that could allow a threat actor for privileges escalation

CVE-2023-36424Microsoft Windows

Apr 13, 2026CISA KEV

References (3)

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36424PatchVendor Advisory https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36424PatchVendor Advisory https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-36424US Government Resource