CVE-2023-21721: Microsoft OneNote Elevation of Privilege Vulnerability

Overview

Severity

Medium (CVSS 6.5)

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C

Category

Elevation of Privilege

Exploit Status

Not Exploited

Exploitation Likelihood

Less Likely

Patch Tuesday

2023-Feb

Released

2023-02-14

Last Updated

2023-02-14

EPSS Score

6.12% (percentile: 90.8%)

FAQ

According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability? Any authenticated user could trigger this vulnerability. It does not require admin or other elevated privileges. According to the CVSS metric, successful exploitation of this vulnerability could lead to total loss of integrity (I:H)? What does that mean for this vulnerability? An authenticated attacker could impersonate another user to perform actions. How do I get the update for OneNote for Android? Please reference How to update the Play Store & apps on Android - Google Play Help for guidance.

Affected Products (1)

Microsoft Office

• Microsoft OneNote for Android

Security Updates (1)

• Release Notes

Acknowledgments

<a href="https://linkedin.com/in/valsamaras">Dimitrios Valsamaras</a> with <a href="https://microsoft.com/">Microsoft</a>

Revision History

• 2023-02-14: Information published.
• 2023-02-14: Updated Impact in the Security Updates table, CVE Title, and FAQs. This is an informational change only.