CVE-2023-28231

HIGH

Windows Server 2008, 2012, 2016, 2019, 2022 - Remote Code Execution via DHCP Server Service

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2023-28231. PoCs published by TheHermione.

AI-analyzed exploit summary This repository contains a functional exploit for CVE-2023-28231, a DHCPv6 Server Remote Code Execution vulnerability affecting Windows Server 2008 R2 SP1 to Server 2019. The exploit crafts a malicious RelayForward packet to trigger a memory corruption in the DHCP service.

Description

DHCP Server Service Remote Code Execution Vulnerability

Exploits (2)

nomisec WORKING POC 69 stars

by TheHermione · poc

https://github.com/TheHermione/CVE-2023-28231

View Code ZIP pw:eip

This repository contains a functional exploit for CVE-2023-28231, a DHCPv6 Server Remote Code Execution vulnerability affecting Windows Server 2008 R2 SP1 to Server 2019. The exploit crafts a malicious RelayForward packet to trigger a memory corruption in the DHCP service.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Microsoft Windows DHCP Server (2008 R2 SP1 to Server 2019)

No auth needed

Prerequisites: Network access to the target DHCPv6 server · Ability to send UDP packets to port 547

MITRE ATT&CK

T1189 - Drive-by Compromise T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 18, 2026 Full analysis →

inthewild WORKING POC

poc

https://github.com/glavstroy/cve-2023-28231

View Code ZIP pw:eip

This repository contains a functional exploit for CVE-2023-28231, a remote code execution vulnerability in Microsoft DHCPv6 Server. The exploit crafts a malicious DHCPv6 RelayForward packet to trigger a memory corruption in the `ProcessRelayForwardMessage` function, leading to a crash or potential RCE.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Microsoft DHCPv6 Server (Windows Server 2008 R2 SP1 to Server 2019)

No auth needed

Prerequisites: Network access to the target DHCPv6 server · Ability to send UDP packets to port 547

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 23, 2026 Full analysis →

References (1)

Core 1

Core References

Patch, Vendor Advisory vendor-advisory

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28231

Scores

CVSS v3 8.8

EPSS 0.7516

EPSS Percentile 98.9%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-122

Status published

Products (7)

microsoft/windows_server_2008

microsoft/windows_server_2008 r2 sp1

microsoft/windows_server_2012

microsoft/windows_server_2012 r2

microsoft/windows_server_2016

microsoft/windows_server_2019

microsoft/windows_server_2022

Published Apr 11, 2023

Tracked Since Feb 18, 2026