CVE-2023-23396

MSR

MediumConfirmedExploit available

Microsoft Excel Denial of Service Vulnerability

CVSS

6.5

Medium

EPSS

0.20

p95

Published

2023-01-01

Updated

2023-01-01

Description

Microsoft Excel Denial of Service Vulnerability

Tags · CWE

Pre-auth

CWE-400

CAPEC-147

CAPEC-227

CAPEC-492

Affected products

Office_online_serverOffice_web_apps_server

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Timeline

2023-01-01

Published

2023-01-01

Updated

CVSS 3.1 breakdown

Attack Vector

AV: N

Network (N)

Attack Complexity

AC: L

Low (L)

Privileges Required

PR: N

None (N)

User Interaction

UI: R

Required (R)

Scope

S: U

Unchanged (U)

Confidentiality Impact

C: N

None (N)

Integrity Impact

I: N

None (N)

Availability Impact

A: H

High (H)

Exploit indicators

EPSS

0.197 · p95

Known exploited (KEV)

MITRE ATT&CK

Inferred via CAPEC

T1499Endpoint Denial of Service

└ via CAPEC-227 · CWE-400

Known exploits — Сканер-ВС

CVE-2023-23396

github-poc · https://github.com/LucaBarile/CVE-2023-23396

Enterprise

Affected software

Product	Vendor	Status
office_online_server	*	Tracked
office_web_apps_server	*	Tracked
Windows	Microsoft	Tracked
Windows	Microsoft	Tracked
Windows	Microsoft	Tracked
Windows	Microsoft	Tracked
Windows	Microsoft	Tracked
Windows	Microsoft	Tracked
Windows	Microsoft	Tracked
Windows	Microsoft	Tracked
Windows	Microsoft	Tracked
Windows	Microsoft	Tracked
Windows	Microsoft	Tracked
Windows	Microsoft	Tracked
Windows	Microsoft	Tracked
Windows	Microsoft	Tracked
Windows	Microsoft	Tracked
Windows	Microsoft	Tracked
Windows	Microsoft	Tracked
Windows	Microsoft	Tracked

Source databases

MSR

CVE

Related vulnerabilities

BDU:2023-01364