CVE-2023-21715 is in the CISA Known Exploited Vulnerabilities Catalog
CISA vulnerability name: Microsoft Office Publisher Security Feature Bypass Vulnerability
CISA required action: Apply updates per vendor instructions.
CISA description: Microsoft Office Publisher contains a security feature bypass vulnerability which allows for a local, authenticated attack on a targeted system.
Notes: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-21715
Added on: 2023-02-14
Action due date: 2023-03-07
Exploit prediction scoring system (EPSS) score for CVE-2023-21715
Probability of exploitation activity in the next 30 days: 0.05%
Percentile, the proportion of vulnerabilities that are scored at or less: ~20%
CVSS scores for CVE-2023-21715
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Source |
---|---|---|---|---|---|
7.3 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H | 1.3 | 5.9 | [email protected] |
7.3 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H | 1.3 | 5.9 | [email protected] |
CWE ids for CVE-2023-21715
- The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.
  Assigned by: [email protected] (Primary)
References for CVE-2023-21715
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21715 (Patch; Vendor Advisory)
Products affected by CVE-2023-21715
- cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*