Описание
.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability
FAQ
How could an attacker exploit this vulnerability?
To exploit this vulnerability an attacker would have to inject arbitrary commands to the FTP server.
What type of information could be disclosed by this vulnerability?
The type of information that could be disclosed if an attacker successfully exploited this vulnerability would be access controls on the server, allowing for read or write abilities.
According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?
Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.
Обновления
| Продукт | Статья | Обновление |
|---|---|---|
| .NET 6.0 | ||
| Microsoft Visual Studio 2022 version 17.2 | ||
| Microsoft Visual Studio 2022 version 17.4 | ||
| .NET 7.0 | ||
| Microsoft Visual Studio 2022 version 17.6 | ||
| Microsoft Visual Studio 2022 version 17.7 | ||
| .NET 8.0 | ||
| Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 23H2 for x64-based Systems | ||
| Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 23H2 for ARM64-based Systems | ||
| Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 22H2 for ARM64-based Systems |
Показывать по
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
DOS
EPSS
7.6 High
CVSS3
Связанные уязвимости
.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability
.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability
.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability
Microsoft Security Advisory CVE-2023-36049: .NET Elevation of Privilege Vulnerability
Уязвимость программной платформы Microsoft .NET Framework, средства разработки программного обеспечения Microsoft Visual Studio, связанная с недостатками разграничения доступа, позволяющая нарушителю повысить свои привилегии
EPSS
7.6 High
CVSS3