CVE-2023-23397
Microsoft Office Outlook Privilege Escalation Vuln - [Actively Exploited]
Description
Microsoft Outlook Elevation of Privilege Vulnerability
INFO
Published Date :
March 14, 2023, 5:15 p.m.
Last Modified :
Nov. 21, 2024, 7:46 a.m.
Source :
[email protected]
Remotely Exploitable :
Yes !
Impact Score :
5.9
Exploitability Score :
3.9
CISA KEV (Known Exploited Vulnerabilities)
For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild.
Microsoft Office Outlook contains a privilege escalation vulnerability that allows for a NTLM Relay attack against another service to authenticate as the user.
Apply updates per vendor instructions.
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-23397, https://msrc.microsoft.com/blog/2023/03/microsoft-mitigates-outlook-elevation-of-privilege-vulnerability/, ; https://nvd.nist.gov/vuln/detail/CVE-2023-23397
Public PoC/Exploit Available at Github
CVE-2023-23397 has a 71 public PoC/Exploit
available at Github.
Go to the Public Exploits
tab to see the list.
Affected Products
The following products are affected by CVE-2023-23397
vulnerability.
Even if cvefeed.io
is aware of the exact versions of the
products
that
are
affected, the information is not represented in the table below.
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth
information, practical solutions, and valuable tools related to
CVE-2023-23397
.
URL | Resource |
---|---|
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23397 | Patch Vendor Advisory |
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23397 | Patch Vendor Advisory |
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
This repository focuses on exploring Common Vulnerabilities and Exposures (CVE), a standardized system for identifying and cataloging known cybersecurity vulnerabilities. It includes in-depth research on CVE impacts, exploitation techniques, and mitigation strategies to enhance system security.
Python
A curated collection of Proof of Concept (PoC) tools, scripts, and techniques designed for red team operations, penetration testing, and cybersecurity research. This repository focuses on providing practical resources for exploring vulnerabilities
attack cybersecurity exp hw penetration-testing poc red-team security-tools vulnerability-poc
Config files for my GitHub profile.
config github-config
这是一个每天同步Vulnerability-Wiki中docs-base中内容的项目
HTML
CVE-2023-23397: Remote Code Execution Vulnerability in Microsoft Outlook
Latest CVEs with their Proof of Concept exploits.
Python
None
Proof of Work of CVE-2023-23397 for vulnerable Microsoft Outlook client application.
exploitation hacking msoutlook netntlm smb
Python
渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms
Assembly Python Shell PHP C++ C Go Ruby HTML Java
C implementation of Outlook 0-click vulnerability
None
CSS HTML JavaScript
None
Python C Shell
Ethical Hacking Repository
Python C Shell
None
OSCP Cheat Sheet
cheatsheet oscp
Python C Shell
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2023-23397
vulnerability anywhere in the article.
- TheCyberThrone
Top 15 Most Exploited Vulnerabilities in 2023
In a joint cybersecurity advisory, the security agencies across the world have identified the most exploited vulnerabilities of 2023. This advisory, coauthored by the Cybersecurity and Infrastructure ... Read more
- The Register
Five Eyes infosec agencies list 2024's most exploited software flaws
The cyber security agencies of the UK, US, Canada, Australia, and New Zealand have issued their annual list of the 15 most exploited vulnerabilities, and warned that attacks on zero-day exploits have ... Read more
- Cybersecurity News
2023’s Most Exploited Vulnerabilities: A Global Cybersecurity Advisory
In a joint cybersecurity advisory, the top cybersecurity agencies from the United States, Australia, Canada, New Zealand, and the United Kingdom have identified the most exploited vulnerabilities of 2 ... Read more
- The Cyber Express
Top 15 Exploited Cyber Vulnerabilities Revealed: Five Eyes Alliance Urges Immediate Patching
The FBI, NSA, and allied agencies within the Five Eyes intelligence network have published a list of the 15 most exploited vulnerabilities from 2023. The cybersecurity advisory, a collaborative effort ... Read more
- BleepingComputer
FBI, CISA, and NSA reveal most exploited vulnerabilities of 2023
The FBI, the NSA, and cybersecurity authorities of the Five Eyes intelligence alliance have released today a list of the top 15 routinely exploited vulnerabilities throughout last year. A joint advis ... Read more
- security.nl
VS publiceert overzicht van meest misbruikte kwetsbaarheden in 2023
De Amerikaanse autoriteiten hebben samen met cyberagentschappen uit Australië, Canada, Nieuw-Zeeland en het Verenigd Koninkrijk een overzicht van de meest misbruikte kwetsbaarheden in 2023 opgesteld. ... Read more
- Help Net Security
Patching problems: The “return” of a Windows Themes spoofing vulnerability
Despite two patching attempts, a security issue that may allow attackers to compromise Windows user’s NTLM (authentication) credentials via a malicious Windows themes file still affects Microsoft’s op ... Read more
- Krypt3ia
Comprehensive Threat Intelligence Report: The Rise of Nation-State Cyber Attacks and Their Convergence with Cybercrime
TLP: WHITE This threat intelligence report was written in tandem between Krypt3ia and the ICEBREAKER Threat Intelligence Analyst created by Krypt3ia. Executive Summary Over the past year, nation-state ... Read more
- cloudsecurityalliance.org
Navigating the Shadows: Safeguarding AI Infrastructure Amidst CVE-2023-48022
Originally published by Truyo.We all want to leverage AI, but models are only as good as the data used to train them. Often, training data is comprised of confidential information. How do you balance ... Read more
- Help Net Security
Researchers unearth MotW bypass technique used by threat actors for years
Threat actors have been abusing a bug in how Windows handles LNK files with non-standard target paths and internal structures to prevent in-built protections from stopping malicious payloads and trick ... Read more
- krebsonsecurity.com
Microsoft Patch Tuesday, July 2024 Edition
Microsoft Corp. today issued software updates to plug at least 139 security holes in various flavors of Windows and other Microsoft products. Redmond says attackers are already exploiting at least two ... Read more
The following table lists the changes that have been made to the
CVE-2023-23397
vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
-
CVE Modified by af854a3a-2127-422b-91ae-364da2661108
Nov. 21, 2024
Action Type Old Value New Value Added Reference https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23397 -
Modified Analysis by [email protected]
Aug. 14, 2024
Action Type Old Value New Value Changed CPE Configuration OR *cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:* *cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:* *cpe:2.3:a:microsoft:office:2021:*:*:*:ltsc:*:*:* *cpe:2.3:a:microsoft:outlook:2013:sp1:*:*:*:*:*:* *cpe:2.3:a:microsoft:outlook:2013:sp1:*:*:rt:*:*:* *cpe:2.3:a:microsoft:outlook:2016:*:*:*:*:*:*:* OR *cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:* *cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:* *cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:*:*:* *cpe:2.3:a:microsoft:outlook:2013:sp1:*:*:-:*:*:* *cpe:2.3:a:microsoft:outlook:2013:sp1:*:*:rt:*:*:* *cpe:2.3:a:microsoft:outlook:2016:*:*:*:*:*:*:* -
CVE Modified by [email protected]
May. 29, 2024
Action Type Old Value New Value Added CWE Microsoft Corporation CWE-20 -
CVE Modified by [email protected]
May. 28, 2024
Action Type Old Value New Value -
CVE Modified by [email protected]
May. 14, 2024
Action Type Old Value New Value -
Initial Analysis by [email protected]
Mar. 20, 2023
Action Type Old Value New Value Added CVSS V3.1 NIST AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Changed Reference Type https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23397 No Types Assigned https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23397 Patch, Vendor Advisory Added CWE NIST CWE-294 Added CPE Configuration OR *cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:* *cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:* *cpe:2.3:a:microsoft:office:2021:*:*:*:ltsc:*:*:* *cpe:2.3:a:microsoft:outlook:2013:sp1:*:*:*:*:*:* *cpe:2.3:a:microsoft:outlook:2013:sp1:*:*:rt:*:*:* *cpe:2.3:a:microsoft:outlook:2016:*:*:*:*:*:*:*
CWE - Common Weakness Enumeration
While CVE identifies
specific instances of vulnerabilities, CWE categorizes the common flaws or
weaknesses that can lead to vulnerabilities. CVE-2023-23397
is
associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification
(CAPEC)
stores attack patterns, which are descriptions of the common attributes and
approaches employed by adversaries to exploit the CVE-2023-23397
weaknesses.
Exploit Prediction
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days.
87.95 }} -2.33%
score
0.98915
percentile