Lucene search

Kaspersky LabKLA48558

HistoryMar 14, 2023 - 12:00 a.m.

KLA48558 SB vulnerability in Microsoft Apps

2023-03-1400:00:00

Kaspersky Lab

threats.kaspersky.com

microsoft apps

security bypass

vulnerability

exploitation

restrictions

cve-2023-24890

onedrive

ios

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

6.6

Confidence

High

EPSS

0.001

Percentile

45.9%

JSON

A security feature bypass vulnerability was found in Microsoft Apps. Malicious users can exploit this vulnerability to bypass security restrictions.

Original advisories

CVE-2023-24890

Related products

OneDrive-for-iOS

CVE list

CVE-2023-24890 high

KB list

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Impacts

Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.

Affected Products

OneDrive for iOS

References

msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24890

statistics.securelist.com/

threats.kaspersky.com/en/product/OneDrive-for-iOS/

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

6.6

Confidence

High

EPSS

0.001

Percentile

45.9%

JSON

Related for KLA48558