VDB
CVE-2023-23396
CVE-2023-23396
PUBLISHED
CVSS 6.5 MEDIUM
Microsoft Outlook Elevation of Privilege Vulnerability
EPSS 19.70% · 95.6th percentile
Risk Scores
CVSS 3.1
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
EPSS Score
19.70%
95.6th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| microsoft | outlook | 15.0.0.0, 16.0.0.0 |
| microsoft | office_online_server | 16.0.1 |
| Microsoft | Microsoft Office LTSC 2021 | 16.0.1 |
| Microsoft | Microsoft Office Web Apps Server 2013 Service Pack 1 | 15.0.1 |
| microsoft | 365_apps | 16.0.1 |
| Microsoft | Microsoft 365 Apps for Enterprise | 16.0.1 |
| Microsoft | Microsoft Outlook 2013 Service Pack 1 | 15.0.0.0 |
| microsoft | office_long_term_servicing_channel | 16.0.1 |
| microsoft | office | 19.0.0 |
| Microsoft | Microsoft Office 2019 | 19.0.0 |
| microsoft | office_web_apps_server | 2013, 15.0.1, 2013 |
| Microsoft | Microsoft Outlook 2016 | 16.0.0.0 |
| Microsoft | Microsoft Office Online Server | 16.0.1 |
Exploit Intelligence
- Exploit and report for CVE-2023-23396. (github-poc)
- Exploit and report for CVE-2023-23396. (github-poc)
- Exploit and report for CVE-2023-23396. (github-poc)
- Exploit and report for CVE-2023-23396. (github-poc)
- Exploit and report for CVE-2023-23396. (github-poc)
- Exploit and report for CVE-2023-23396. (github-poc)
- https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1 (msrc)
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-23397 (circl)
- Microsoft Outlook Elevation of Privilege Vulnerability (circl)
- CIRCL seen: CVE-2023-23397 (circl-sighting)
…and 319 more exploits
Timeline
- Mar 14, 2023 CVE Published
- Mar 14, 2023 PoC Published
- Mar 15, 2023 EPSS Score
- Mar 15, 2023 PoC Published
- Mar 15, 2023 PoC Published
- Mar 15, 2023 PoC Published
- Mar 15, 2023 PoC Published
- Mar 15, 2023 PoC Published
- Mar 16, 2023 PoC Published
- Mar 23, 2023 PoC Published
- Mar 25, 2023 PoC Published
- Mar 30, 2023 PoC Published
References
- https://msrc.microsoft.com/update-guide/ advisory
- Microsoft Excel Denial of Service Vulnerability vendor-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2023-23396 advisory
- Microsoft Outlook Elevation of Privilege Vulnerability vendor-advisory
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-23397 url