9.8

CVE-2023-23397

Warnung
Medienbericht

Microsoft Outlook Elevation of Privilege Vulnerability

Microsoft Outlook Elevation of Privilege Vulnerability
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Microsoft365 Apps Version- SwEditionenterprise
MicrosoftOffice Version2019
MicrosoftOutlook Version2013 Updatesp1 SwEdition-
MicrosoftOutlook Version2013 Updatesp1 SwEditionrt
MicrosoftOutlook Version2016

14.03.2023: CISA Known Exploited Vulnerabilities (KEV) Catalog

Microsoft Office Outlook Privilege Escalation Vulnerability

Schwachstelle

Microsoft Office Outlook contains a privilege escalation vulnerability that allows for a NTLM Relay attack against another service to authenticate as the user.

Beschreibung

Apply updates per vendor instructions.

Erforderliche Maßnahmen
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 93.4% 0.998
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
secure@microsoft.com 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

CWE-294 Authentication Bypass by Capture-replay

A capture-replay flaw exists when the design of the product makes it possible for a malicious user to sniff network traffic and bypass authentication by replaying it to the server in question to the same effect as the original message (or with minor changes).