CVE-2023-29343

HIGH

SysInternals Sysmon - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-29343. PoCs published by Wh04m1001.

AI-analyzed exploit summary This repository contains a functional exploit for CVE-2023-29343, an arbitrary file write vulnerability in Sysmon 14.14. The PoC leverages Windows service tracing and the RasMan service to create a directory owned by SYSTEM with low-privilege user access, then abuses Sysmon's file operations to achieve privilege escalation.

Description

SysInternals Sysmon for Windows Elevation of Privilege Vulnerability

Exploits (1)

nomisec WORKING POC 161 stars

by Wh04m1001 · poc

https://github.com/Wh04m1001/CVE-2023-29343

View Code ZIP pw:eip

This repository contains a functional exploit for CVE-2023-29343, an arbitrary file write vulnerability in Sysmon 14.14. The PoC leverages Windows service tracing and the RasMan service to create a directory owned by SYSTEM with low-privilege user access, then abuses Sysmon's file operations to achieve privilege escalation.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Complex

Reliability

Racy

Target: Sysmon 14.14

Auth required

Prerequisites: Low-privilege user access on a vulnerable Windows system · Sysmon 14.14 installed · Windows client before April 2023 patch

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1548.002 - Bypass User Account Control T1059.003 - Windows Command Shell

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (1)

Core 1

Core References

Patch, Vendor Advisory vendor-advisory

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29343

Scores

CVSS v3 7.8

EPSS 0.2036

EPSS Percentile 95.7%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-59

Status published

Products (1)

microsoft/windows_sysmon < 14.16

Published May 09, 2023

Tracked Since Feb 18, 2026