CVE-2024-38081

Опубликовано: 09 июл. 2024

Источник: msrc

CVSS3: 7.3

EPSS Низкий

Описание

.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability

FAQ

What privileges could be gained by an attacker who successfully exploited this vulnerability?

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?

Exploitation of this vulnerability requires that a local user executes the Visual Studio installer

According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?

The attacker must have permissions to access the target domain environment to be able to exploit this vulnerability.

Обновления

Продукт	Статья	Обновление
.NET 6.0	5041080	Security Update
Microsoft Visual Studio 2022 version 17.4	Release Notes	Security Update
Microsoft Visual Studio 2022 version 17.6	Release Notes	Security Update
Microsoft Visual Studio 2022 version 17.8	Release Notes	Security Update
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 (Server Core installation)	5041022	Monthly Rollup
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012	5041022	Monthly Rollup
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 R2 (Server Core installation)	5041023	Monthly Rollup
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 R2	5041023	Monthly Rollup
Microsoft .NET Framework 3.5 AND 4.8.1 on Windows Server 2022	5041016	Security Update
Microsoft .NET Framework 3.5 AND 4.8.1 on Windows Server 2022 (Server Core installation)	5041016	Security Update

Показывать по

Возможность эксплуатации

Publicly Disclosed

Exploited

Latest Software Release

Exploitation Less Likely

DOS

N/A

EPSS

Процентиль: 37%

0.00153

Низкий

7.3 High

CVSS3

Связанные уязвимости

CVE-2024-38081

CVSS3: 7.3

ubuntu

12 месяцев назад

.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability

CVE-2024-38081

CVSS3: 7.3

redhat

12 месяцев назад

.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability

CVE-2024-38081

CVSS3: 7.3

nvd

12 месяцев назад

.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability

GHSA-hq7w-xv5x-g34j

CVSS3: 7.3

github

12 месяцев назад

Microsoft Security Advisory CVE-2024-38081 | .NET Denial of Service Vulnerability

BDU:2024-05994

CVSS3: 7.3

fstec

12 месяцев назад

Уязвимость программной платформы Microsoft.NET Framework и .NET операционных систем Windows, связанная с неверным определением символических ссылок перед доступом к файлу, позволяющая нарушителю повысить свои привилегии

EPSS

Процентиль: 37%

0.00153

Низкий

7.3 High

CVSS3