9.8
CVE-2023-23397
- EPSS 93.63%
- Published 14.03.2023 17:15:13
- Last modified 13.03.2025 16:16:44
- Source secure@microsoft.com
- Teams watchlist Login
- Open Login
Microsoft Outlook Elevation of Privilege Vulnerability
Data is provided by the National Vulnerability Database (NVD)
14.03.2023: CISA Known Exploited Vulnerabilities (KEV) Catalog
Microsoft Office Outlook Privilege Escalation Vulnerability
VulnerabilityMicrosoft Office Outlook contains a privilege escalation vulnerability that allows for a NTLM Relay attack against another service to authenticate as the user.
DescriptionApply updates per vendor instructions.
Required actions| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 93.63% | 0.998 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| secure@microsoft.com | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
CWE-294 Authentication Bypass by Capture-replay
A capture-replay flaw exists when the design of the product makes it possible for a malicious user to sniff network traffic and bypass authentication by replaying it to the server in question to the same effect as the original message (or with minor changes).