Lucene search

K
kasperskyKaspersky LabKLA50321
HistoryJun 13, 2023 - 12:00 a.m.

KLA50321 OSI vulnerability in Microsoft Browser

2023-06-1300:00:00
Kaspersky Lab
threats.kaspersky.com
12
microsoft edge
chromium-based
information disclosure
vulnerability
update
cve-2023-33145

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

AI Score

7

Confidence

High

EPSS

0.009

Percentile

83.2%

An information disclosure vulnerability was found in Microsoft Browser. Malicious users can exploit this vulnerability to obtain sensitive information.

Original advisories

CVE-2023-33145

Related products

Microsoft-Edge

CVE list

CVE-2023-33145 high

KB list

Solution

Install necessary updates from the Settings and more menu, that are listed in your About Microsoft Edge page (Microsoft Edge About page usually can be accessed from the Help and feedback option)

Microsoft Edge update settings

Impacts

  • OSI

Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.

Affected Products

  • Microsoft Edge (Chromium-based)

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

AI Score

7

Confidence

High

EPSS

0.009

Percentile

83.2%