CVE-2023-21720 - Vulnerability Details - OpenCVE

Microsoft Edge (Chromium-based) Tampering Vulnerability

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Microsoft	Edge Chromium

Configuration 1 [-]

cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21720
https://security.gentoo.org/glsa/202309-17

History

Tue, 04 Mar 2025 03:45:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: microsoft

Published: 2023-02-14T19:32:47.023Z

Updated: 2025-02-28T20:05:24.593Z

Reserved: 2022-12-13T18:08:03.492Z

Link: CVE-2023-21720

Vulnrichment

Updated: 2024-08-02T09:51:49.239Z

NVD

Status : Modified

Published: 2023-02-14T20:15:14.590

Modified: 2025-01-01T01:15:20.017

Link: CVE-2023-21720

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-21720", "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "state": "PUBLISHED", "assignerShortName": "microsoft", "dateReserved": "2022-12-13T18:08:03.492Z", "datePublished": "2023-02-14T19:32:47.023Z", "dateUpdated": "2025-02-28T20:05:24.593Z"}, "containers": {"cna": {"title": "Microsoft Edge (Chromium-based) Tampering Vulnerability", "datePublic": "2023-02-03T08:00:00.000Z", "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:*:*:*", "versionStartIncluding": "1.0.0", "versionEndExcluding": "109.0.15.18.78"}]}]}], "affected": [{"vendor": "Microsoft", "product": "Microsoft Edge (Chromium-based)", "platforms": ["Unknown"], "versions": [{"version": "1.0.0", "lessThan": "109.0.15.18.78", "versionType": "custom", "status": "affected"}]}], "descriptions": [{"value": "Microsoft Edge (Chromium-based) Tampering Vulnerability", "lang": "en-US"}], "problemTypes": [{"descriptions": [{"description": "CWE-126: Buffer Over-read", "lang": "en-US", "type": "CWE", "cweId": "CWE-126"}]}], "providerMetadata": {"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft", "dateUpdated": "2025-01-01T00:40:55.364Z"}, "references": [{"name": "Microsoft Edge (Chromium-based) Tampering Vulnerability", "tags": ["vendor-advisory"], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21720"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "baseSeverity": "MEDIUM", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C"}}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T09:51:49.239Z"}, "title": "CVE Program Container", "references": [{"name": "Microsoft Edge (Chromium-based) Tampering Vulnerability", "tags": ["vendor-advisory", "x_transferred"], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21720"}, {"url": "https://security.gentoo.org/glsa/202309-17", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-02-28T19:25:42.489824Z", "id": "CVE-2023-21720", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-28T20:05:24.593Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-21720", "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "state": "PUBLISHED", "assignerShortName": "microsoft", "dateReserved": "2022-12-13T18:08:03.492Z", "datePublished": "2023-02-14T19:32:47.023Z", "dateUpdated": "2025-02-28T20:05:24.593Z"}, "containers": {"cna": {"title": "Microsoft Edge (Chromium-based) Tampering Vulnerability", "datePublic": "2023-02-03T08:00:00.000Z", "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:*:*:*", "versionStartIncluding": "1.0.0", "versionEndExcluding": "109.0.15.18.78"}]}]}], "affected": [{"vendor": "Microsoft", "product": "Microsoft Edge (Chromium-based)", "platforms": ["Unknown"], "versions": [{"version": "1.0.0", "lessThan": "109.0.15.18.78", "versionType": "custom", "status": "affected"}]}], "descriptions": [{"value": "Microsoft Edge (Chromium-based) Tampering Vulnerability", "lang": "en-US"}], "problemTypes": [{"descriptions": [{"description": "CWE-126: Buffer Over-read", "lang": "en-US", "type": "CWE", "cweId": "CWE-126"}]}], "providerMetadata": {"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft", "dateUpdated": "2025-01-01T00:40:55.364Z"}, "references": [{"name": "Microsoft Edge (Chromium-based) Tampering Vulnerability", "tags": ["vendor-advisory"], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21720"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "baseSeverity": "MEDIUM", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C"}}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T09:51:49.239Z"}, "title": "CVE Program Container", "references": [{"name": "Microsoft Edge (Chromium-based) Tampering Vulnerability", "tags": ["vendor-advisory", "x_transferred"], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21720"}, {"url": "https://security.gentoo.org/glsa/202309-17", "tags": ["x_transferred"]}]}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-21720", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-02-28T19:25:42.489824Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-28T19:28:20.070Z"}}]}}