Описание
.NET and Visual Studio Elevation of Privilege Vulnerability
FAQ
What privileges could be gained by an attacker who successfully exploited the vulnerability?
The attacker would gain the rights of the user that is running the affected application.
According to the CVSS metric, the attack vector is network (AV:N). How could an attacker exploit this vulnerability?
An attacker could exploit this vulnerability by abusing the .NET diagnostics server to gain elevation of privileges.
According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to win a race condition and also to take additional actions prior to exploitation to prepare the target environment.
Обновления
| Продукт | Статья | Обновление |
|---|---|---|
| Microsoft Visual Studio 2022 version 17.0 | ||
| PowerShell 7.2 | ||
| .NET 6.0 | ||
| Microsoft Visual Studio 2022 version 17.2 | ||
| Microsoft Visual Studio 2022 version 17.4 | ||
| .NET 7.0 | ||
| PowerShell 7.3 | ||
| Microsoft Visual Studio 2022 version 17.6 |
Показывать по
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
DOS
EPSS
8.1 High
CVSS3
Связанные уязвимости
.NET and Visual Studio Elevation of Privilege Vulnerability
.NET and Visual Studio Elevation of Privilege Vulnerability
.NET and Visual Studio Elevation of Privilege Vulnerability
Microsoft Security Advisory CVE-2023-33127: .NET Remote Code Execution Vulnerability
Уязвимость программной платформы .NET и средства разработки программного обеспечения Microsoft Visual Studio, вызванная ошибками синхронизации при использовании общего ресурса, позволяющая нарушителю повысить свои привилегии
EPSS
8.1 High
CVSS3