Vulnerability Details: CVE-2023-21715
Microsoft Publisher Security Features Bypass Vulnerability
Products affected by CVE-2023-21715
- cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*
CVE-2023-21715 is in the CISA Known Exploited Vulnerabilities Catalog
CISA vulnerability name:
Microsoft Office Publisher Security Feature Bypass Vulnerability
CISA required action:
Apply updates per vendor instructions.
CISA description:
Microsoft Office Publisher contains a security feature bypass vulnerability that allows for a local, authenticated attack on a targeted system.
Notes:
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-21715; https://nvd.nist.gov/vuln/detail/CVE-2023-21715
Added on
2023-02-14
Action due date
2023-03-07
Exploit prediction scoring system (EPSS) score for CVE-2023-21715
0.17%: Probability of exploitation activity in the next 30 days
~55%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-21715
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.3 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H | 1.3 | 5.9 | NIST | |
7.3 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H | 1.3 | 5.9 | Microsoft Corporation | |
CWE ids for CVE-2023-21715
- The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2023-21715
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21715
  CVE-2023-21715 - Security Update Guide - Microsoft - Microsoft Publisher Security Features Bypass Vulnerability (Patch; Vendor Advisory)