CVE-2023-23388

HIGH

Windows Bluetooth Driver - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-23388. PoCs published by ynwarcs.

AI-analyzed exploit summary This repository contains a functional proof-of-concept exploit for CVE-2023-23388, a local privilege escalation vulnerability in the Windows Bluetooth service (bthserv). The exploit triggers the vulnerability by sending a crafted event with a specific EventType value to the Bluetooth service, leading to a crash and potential privilege escalation to LOCAL SERVICE.

Description

Windows Bluetooth Driver Elevation of Privilege Vulnerability

Exploits (1)

nomisec WORKING POC 7 stars

by ynwarcs · poc

https://github.com/ynwarcs/CVE-2023-23388

View Code ZIP pw:eip

This repository contains a functional proof-of-concept exploit for CVE-2023-23388, a local privilege escalation vulnerability in the Windows Bluetooth service (bthserv). The exploit triggers the vulnerability by sending a crafted event with a specific EventType value to the Bluetooth service, leading to a crash and potential privilege escalation to LOCAL SERVICE.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: Windows 10/11 Bluetooth Service (bthserv)

No auth needed

Prerequisites: Unpatched Windows 10/11 system (pre-March 2023 security update) · Bluetooth service enabled

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (1)

Core 1

Core References

Patch, Vendor Advisory vendor-advisory

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23388

Scores

CVSS v3 8.8

EPSS 0.0157

EPSS Percentile 72.0%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Details

CWE

CWE-681

Status published

Products (11)

microsoft/windows_10_1507 < 10.0.10240.19805

microsoft/windows_10_1607 < 10.0.14393.5786

microsoft/windows_10_1809 < 10.0.17763.4131

microsoft/windows_10_20h2 < 10.0.19042.2728

microsoft/windows_10_21h2 < 10.0.19044.2728

microsoft/windows_10_22h2 < 10.0.19045.2728

microsoft/windows_11_21h2 < 10.0.22000.1696

microsoft/windows_11_22h2 < 10.0.22000.1413

microsoft/windows_server_2016

microsoft/windows_server_2019

... and 1 more

Published Mar 14, 2023

Tracked Since Feb 18, 2026