CVE-2023-45235
CWE-119Published: January 16, 2024· Updated: Jun 17, 2026
Official Description
EDK2's Network Package is susceptible to a buffer overflow vulnerability when
handling Server ID option
from a DHCPv6 proxy Advertise message. This
vulnerability can be exploited by an attacker to gain unauthorized
access and potentially lead to a loss of Confidentiality, Integrity and/or Availability.
Technical Analysis
CVE-2023-45235 requires adjacent network access, limiting remote exploitation but still posing risk in shared or local network environments.
The vulnerability requires no privileges and no user interaction, making it a prime target for automated exploitation campaigns and worm-like propagation.
A successful exploit results in complete confidentiality breach (data exposure), full integrity compromise (data manipulation), availability disruption (denial of service), with a CVSS base score of 8.8.
From a weakness classification perspective (CWE-119): Buffer overflow vulnerabilities can lead to arbitrary code execution or denial of service by corrupting adjacent memory.
CVSS v3.1 Vector Breakdown
Affected Vendors & Products
Exploit & PoC Resources
Official Patches & Advisories
News & Research Mentioning CVE-2023-45235
View CSAF Summary ABB became aware of vulnerability in the product versions listed as affected in the advisory. An update is now available that addresses and remediates the vulnerability. A network attacker could exploit the vulnerabilities to execute remote code, initiate DoS attacks, conduct DNS cache poisoning, or extract sensitive information. The following versions of ABB B&R PCs are affected: APC4100 <1.09, 1.09 (CVE-2023-45229, CVE-2023-45230, CVE-2023-45231, CVE-2023-45232, CVE-2023-45233, CVE-2023-45234, CVE-2023-45235, CVE-2023-45236, CVE-2023-45237) APC910 <=1.25 (CVE-2023-45229, CVE-2023-45230, CVE-2023-45231, CVE-2023-45232, CVE-2023-45233, CVE-2023-45234, CVE-2023-45235, CVE-2023-45236, CVE-2023-45237) C80 <1.14, 1.14 (CVE-2023-45229, C [xlite_meta score:73 src:CISA Alerts xlite_fp:e0c2b058f33c6d42576d055006ce59ae2d1c401fc8c33f4fb6ff9a25bb5fa598]
All References (12)
Quick Facts
Related CVEs (CWE-119)
Recommended Actions
- →Apply vendor patches immediately
- →Monitor CVE-2023-45235 in threat intel feeds
- →Review IDS/IPS signatures for exploitation attempts