Detections
Analytics

CVE-2023-23397

critical

Description

Microsoft Outlook Elevation of Privilege Vulnerability

References

https://securityaffairs.com/162759/apt/nato-eu-condemned-apt28-espionage.html?web_view=true

https://www.bankinfosecurity.com/russian-gru-hackers-compromised-german-czech-targets-a-25007?&web_view=true

https://www.theregister.com/2024/05/06/infosec_in_brief/

https://thehackernews.com/2024/05/microsoft-outlook-flaw-exploited-by.html

https://securityaffairs.com/162759/apt/nato-eu-condemned-apt28-espionage.html

https://www.schneier.com/blog/archives/2024/05/friday-squid-blogging-squid-purses.html

https://www.bleepingcomputer.com/news/security/nato-and-eu-condemn-russias-cyberattacks-against-germany-czechia/

https://www.microsoft.com/en-us/security/blog/2024/04/22/analyzing-forest-blizzards-custom-post-compromise-tool-for-exploiting-cve-2022-38028-to-obtain-credentials/

https://securityintelligence.com/x-force/itg05-leverages-malware-arsenal/

https://securityaffairs.com/159691/breaking-news/russia-apt28-compromised-ubiquiti-edgerouters.html

https://thehackernews.com/2024/02/cybersecurity-agencies-warn-ubiquiti.html?&web_view=true

https://arstechnica.com/security/2024/02/kremlin-backed-hackers-are-infecting-ubiquity-edgerouters-fbi-warns/

https://www.hackread.com/monikerlink-bug-microsoft-outlook-data-malware/?web_view=true

https://www.trendmicro.com/en_us/research/24/a/pawn-storm-uses-brute-force-and-stealth.html?&web_view=true

https://thehackernews.com/2023/12/beware-experts-reveal-new-details-on.html

https://thehackernews.com/2023/12/russian-apt28-hackers-targeting-13.html?&web_view=true

https://securityaffairs.com/155420/apt/apt8-exploited-outlook-0day-target-nato.html

https://unit42.paloaltonetworks.com/russian-apt-fighting-ursa-exploits-cve-2023-233397/

https://meterpreter.org/proofpoint-uncovers-ta422-apt28s-dedicated-phishing-exploitation-loop/

https://therecord.media/unpatched-microsoft-outlook-email-attacks-fancy-bear

https://web-assets.esetstatic.com/wls/en/papers/threat-reports/eset-apt-activity-report-q2-2023-q3-2023.pdf

https://www.bleepingcomputer.com/news/security/france-says-russian-state-hackers-breached-numerous-critical-networks/

https://thehackernews.com/2023/03/from-ransomware-to-cyber-espionage-55.html

https://www.mandiant.com/resources/blog/zero-days-exploited-2022

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23397

Details

Source: Mitre, NVD

Published: 2023-03-14

Updated: 2023-03-20

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical