Microsoft Teams Remote Code Execution Vulnerability
CVE-2023-29328

8.8HIGH

Key Information:

Vendor: Microsoft
Status: Microsoft Teams For Desktop; Microsoft Teams For iOS; Microsoft Teams For Android; Microsoft Teams For Mac
Vendor: CVE Published:; 8 August 2023

What is CVE-2023-29328?

A vulnerability in Microsoft Teams allows attackers to execute arbitrary code remotely, potentially compromising user systems. This flaw could be exploited via malicious content or communications within the Teams platform, leading to unauthorized actions and data breaches. Users are strongly advised to apply security updates to safeguard their installations.

Affected Version(s)

Microsoft Teams for Android Unknown 1.0.0 < 1.0.0.2023070204

Microsoft Teams for Desktop Unknown 1.0.0 < 1.6.00.18681

Microsoft Teams for iOS Unknown 2.0.0 < 5.12.1

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 8, 2023
Vulnerability Reserved
Apr 4, 2023