CVE Vulnerabilities

CVE-2023-23397

Authentication Bypass by Capture-replay

Published: Mar 14, 2023 | Modified: Mar 20, 2023
CVSS 3.x
9.8
CRITICAL
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu

Microsoft Outlook Elevation of Privilege Vulnerability

Weakness

A capture-replay flaw exists when the design of the product makes it possible for a malicious user to sniff network traffic and bypass authentication by replaying it to the server in question to the same effect as the original message (or with minor changes).

Affected Software

Name Vendor Start Version End Version
Outlook Microsoft 2016 2016
Outlook Microsoft 2013 2013
Outlook Microsoft 2013 2013
Office Microsoft 2019 2019
365_apps Microsoft - -
Office Microsoft 2021 2021

Potential Mitigations

References