Description
.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability
A vulnerability was found in FormatFtpCommand in the .NET package that may result in a CRLF injection arbitrary file write and deletion.
Report
The vulnerability identified in FormatFtpCommand within the .NET package presents a moderate severity concern rather than an important one due to several mitigating factors. Firstly, while it allows for CRLF (Carriage Return Line Feed) injection, enabling potential arbitrary file write and deletion, its impact is limited by the context in which it can be exploited. The injection occurs within the FTP command formatting process, requiring an attacker to have authenticated access to the FTP server, thereby narrowing the pool of potential exploiters. Furthermore, successful exploitation relies on the specific implementation of the FTP server, as not all configurations may be susceptible to the arbitrary file manipulation.
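To make the mechanism in the report concrete, here is an added illustration (not .NET's FormatFtpCommand and not Red Hat's or Microsoft's code) of how an unvalidated CR/LF in one argument turns a single FTP command into two on the control stream, beside the hardened formatter that rejects such input. The function names, the sample filename and the server-side line splitting are all constructed for this example; the page does not describe the upstream fix, so the check shown is the generic defence for any line-oriented protocol, not a claim about .NET's exact patch.

```python
# Added example: models the CRLF-injection risk in an FTP command formatter
# and the hardened check. Names and inputs are constructed for illustration;
# this is not .NET's own code.

CRLF = "\r\n"


def format_ftp_command_unsafe(verb: str, argument: str) -> str:
    """Naive formatter: joins verb and argument with no validation.

    If `argument` contains CR/LF, the returned text spans several lines,
    and a line-oriented FTP server parses each line as its own command.
    """
    return f"{verb} {argument}{CRLF}"


def format_ftp_command_safe(verb: str, argument: str) -> str:
    """Hardened formatter: refuses any argument containing CR or LF.

    Rejecting, rather than silently stripping, keeps the failure visible
    to the caller and to logs, so a poisoned filename cannot reach the wire.
    """
    if "\r" in argument or "\n" in argument:
        raise ValueError(f"FTP argument for {verb} must not contain CR/LF")
    return f"{verb} {argument}{CRLF}"


def commands_as_seen_by_server(wire_text: str) -> list[str]:
    """Split control-stream text the way a line-based server would (constructed model)."""
    return [line for line in wire_text.split(CRLF) if line]


# Constructed sample: a filename from an untrusted source that carries
# an embedded line break followed by a second, unintended command.
UNTRUSTED_NAME = "report.txt\r\nDELE important.log"


def demo() -> tuple[list[str], bool]:
    """Return (commands the server would parse from the unsafe path,
    whether the hardened formatter rejected the same input)."""
    unsafe_wire = format_ftp_command_unsafe("STOR", UNTRUSTED_NAME)
    seen = commands_as_seen_by_server(unsafe_wire)  # two commands, not one
    try:
        format_ftp_command_safe("STOR", UNTRUSTED_NAME)
        rejected = False
    except ValueError:
        rejected = True
    return seen, rejected


if __name__ == "__main__":
    seen, rejected = demo()
    print("server would parse:", seen)
    print("hardened formatter rejected input:", rejected)
```

The same character check belongs on every field that is interpolated into a protocol line (usernames, paths, rename targets), and a client library that performs it centrally, as the formatter does here, covers all callers at once.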
Mitigation
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Additional information
Status:
CVSS3: 9.8 Critical
Related vulnerabilities
.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability
.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability
.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability
Microsoft Security Advisory CVE-2023-36049: .NET Elevation of Privilege Vulnerability
Vulnerability in the Microsoft .NET Framework software platform and the Microsoft Visual Studio software development tool, related to access-control flaws, allowing an attacker to elevate their privileges
CVSS3: 9.8 Critical