High
CVE-2023-28284
Description
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
Ratings
- Attacker Value: High
- Exploitability: Low
Technical Analysis
Description:
The IE suffers from bypassing its own security and warning security. After the usual user visits the malicious link from the attacker, he will be pushed to download a malicious file from some malicious server that uses a pushing method to force the victim to download a dangerous file. After the victim executes the already downloaded file without any warning, the attacker will use the connection already opened as a result of the user’s interactions with his PC, and then he can do very malicious things with this PC, depending on the scenario.
STATUS: High Vulnerability with a low success rate.
PoC:
General Information
Vendors
- microsoft
Products
- edge