CVE-2023-21715
Published: 14 February 2023
Summary
CVE-2023-21715 is a high-severity Incorrect Authorization (CWE-863) vulnerability in Microsoft 365 Apps. Its CVSS base score is 7.3 (High).
Operationally, it ranks in the top 34.4% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2023-21715 is a security feature bypass vulnerability in Microsoft Publisher, tracked under CWE-863 for incorrect authorization. It carries a CVSS 3.1 score of 7.3: the attack vector is local, attack complexity is low, low privileges are required, and user interaction is required, with high impact to confidentiality, integrity, and availability.
An attacker with local access and limited privileges can exploit the flaw after a user interacts with a crafted Publisher document, bypassing intended security controls to achieve full compromise of the affected system.
Microsoft has published remediation guidance through its Security Response Center update guide, and the vulnerability appears in CISA's catalog of known exploited vulnerabilities.
EPSS for the issue rose from a low baseline to a peak of 0.0151 on 2023-03-07 before receding, indicating a temporary increase in observed exploitation interest following public disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-25882
Vulnerability details
Microsoft Publisher Security Feature Bypass Vulnerability
- CWE(s): CWE-863
- KEV Date Added: 14 February 2023
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Mitigating Controls (NIST 800-53 r5)
- Directly enforces correct authorization decisions to block the security feature bypass described in CWE-863 for this Publisher vulnerability.
- Requires prompt application of the vendor patch that eliminates the authorization flaw being actively exploited per CISA KEV.
- Limits privileges available to the low-privileged local attacker, reducing the impact of a successful bypass of Publisher protections.