CVE-2023-36883: Microsoft Edge for iOS Spoofing Vulnerability

Overview

Severity

Medium (CVSS 4.3)

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C

Category

Spoofing

Exploit Status

Not Exploited

Exploitation Likelihood

Less Likely

Patch Tuesday

2023-Jul

Released

2023-07-13

EPSS Score

0.23% (percentile: 46.1%)

FAQ

According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? The user would have to click on a specially crafted URL to be compromised by the attacker. According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L)? What does that mean for this vulnerability? The attacker is only able to modify the content of the vulnerable link to redirect the victim to a malicious site.

Affected Products (1)

Browser

• Microsoft Edge for iOS

Acknowledgments

<a href="https://www.twitter.com/rafaybaloch">Rafay Baloch</a> with <a href="https://cybercitadel.com/">Cyber Citadel</a>

Revision History

• 2023-07-13: Information published.