Kaspersky LabKLA20213KLA20213 SUI vulnerability in Microsoft Browser
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
5.3 Medium
AI Score
Confidence
High
2.6 Low
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:N/I:N/A:P
0.001 Low
EPSS
Percentile
46.0%
Detect date:
02/03/2023
Severity:
Warning
Description:
A tampering vulnerability was found in Microsoft Browser. Malicious users can exploit this vulnerability to spoof user interface.
Affected products:
Microsoft Edge (Chromium-based)
Solution:
Install necessary updates from the Settings and more menu, that are listed in your About Microsoft Edge page (Microsoft Edge About page usually can be accessed from the Help and feedback option)
Microsoft Edge update settings
Original advisories:
Impacts:
SUI
Related products:
CVE-IDS:
CVE-2023-217205.3High
Microsoft official advisories:
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21720
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21720
portal.msrc.microsoft.com/en-us/security-guidance
statistics.securelist.com/vulnerability-scan/month
support.microsoft.com/en-us/topic/microsoft-edge-update-settings-af8aaca2-1b69-4870-94fe-18822dbb7ef1
threats.kaspersky.com/en/product/Microsoft-Edge/
Related
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
5.3 Medium
AI Score
Confidence
High
2.6 Low
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:N/I:N/A:P
0.001 Low
EPSS
Percentile
46.0%