CVE-2023-6186
Published: 11 December 2023
Summary
CVE-2023-6186 is a high-severity Improper Preservation of Permissions (CWE-281) vulnerability in LibreOffice (The Document Foundation). Its CVSS base score is 8.3 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked in the top 22.7% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-58435
Vulnerability details
Insufficient macro permission validation of The Document Foundation LibreOffice allows an attacker to execute built-in macros without warning. In affected versions LibreOffice supports hyperlinks with macro or similar built-in command targets that can be executed when activated without warning the user.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
CVE-2023-6186 enables arbitrary macro/script execution without user warning in LibreOffice via malicious documents/hyperlinks, facilitating client application exploitation (T1203), Visual Basic-like macro execution (T1059.005), and user execution of malicious files (T1204.002).
Mitigating Controls
Likely Mitigating Controls
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Forces removal or modification of permissions no longer required after reassignment, preventing improper preservation of old access rights.