.NET Spoofing Vulnerability in .NET Framework
CVE-2022-34716 Published on August 9, 2022

.NET Spoofing Vulnerability
.NET Spoofing Vulnerability

Github Repository Vendor Advisory NVD

Weakness Type

Authentication Bypass by Spoofing

This attack-focused weakness is caused by improperly implemented authentication schemes that are subject to spoofing attacks.

Products Associated with CVE-2022-34716

Want to know whenever a new CVE is published for Microsoft products? stack.watch will email you.

Microsoft Powershell

Microsoft Net

Microsoft .NET Core

Affected Versions

Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8):

Version 15.9.0 and below 15.9.50 is affected.

Microsoft Visual Studio 2022 version 17.2:

Version 17.2.0 and below 17.2.7 is affected.

Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8):

Version 15.0.0 and below 16.9.24 is affected.

Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10):

Version 16.11.0 and below 16.11.18 is affected.

Microsoft Visual Studio 2022 version 17.0:

Version 17.0.0 and below 17.0.13 is affected.

Microsoft .NET 6.0:

Version 6.0.0 and below 6.0.8 is affected.

Microsoft .NET Core 3.1:

Version 3.1 and below 3.1.28 is affected.

Microsoft PowerShell 7.0:

Version 7.0.0 and below 7.0.12 is affected.

Microsoft PowerShell 7.2:

Version 7.2.0 and below 7.2.6 is affected.

Vulnerable Packages

The following package name and versions may be associated with CVE-2022-34716

Package Manager	Vulnerable Package	Versions	Fixed In
nuget	Microsoft.AspNetCore.App.Runtime.linux-arm64	>= 6.0.0, <= 6.0.7	6.0.8
nuget	Microsoft.AspNetCore.App.Runtime.linux-arm	>= 3.1.0, <= 3.1.27	3.1.28
nuget	Microsoft.AspNetCore.App.Runtime.linux-arm	>= 6.0.0, <= 6.0.7	6.0.8
nuget	Microsoft.AspNetCore.App.Runtime.win-arm64	>= 3.1.0, <= 3.1.27	3.1.28
nuget	Microsoft.AspNetCore.App.Runtime.win-arm64	>= 6.0.0, <= 6.0.7	6.0.8
nuget	Microsoft.AspNetCore.App.Runtime.win-arm	>= 3.1.0, <= 3.1.27	3.1.28
nuget	Microsoft.AspNetCore.App.Runtime.win-arm	>= 6.0.0, <= 6.0.7	6.0.8
nuget	Microsoft.AspNetCore.App.Runtime.osx-arm64	>= 6.0.0, <= 6.0.7	6.0.8
nuget	Microsoft.AspNetCore.App.Runtime.linux-musl-arm64	>= 3.1.0, <= 3.1.27	3.1.28
nuget	Microsoft.AspNetCore.App.Runtime.linux-musl-arm64	>= 6.0.0, <= 6.0.7	6.0.8
nuget	Microsoft.AspNetCore.App.Runtime.linux-musl-arm	>= 3.1.0, <= 3.1.27	3.1.28
nuget	Microsoft.AspNetCore.App.Runtime.linux-musl-arm	>= 6.0.0, <= 6.0.7	6.0.8
nuget	Microsoft.AspNetCore.App.Runtime.linux-x64	>= 3.1.0, <= 3.1.27	3.1.28
nuget	Microsoft.AspNetCore.App.Runtime.linux-arm64	>= 3.1.0, <= 3.1.27	3.1.28
nuget	Microsoft.AspNetCore.App.Runtime.linux-musl-x64	>= 6.0.0, <= 6.0.7	6.0.8
nuget	Microsoft.AspNetCore.App.Runtime.linux-musl-x64	>= 3.1.0, <= 3.1.27	3.1.28
nuget	Microsoft.AspNetCore.App.Runtime.osx-x64	>= 6.0.0, <= 6.0.7	6.0.8
nuget	Microsoft.AspNetCore.App.Runtime.osx-x64	>= 3.1.0, <= 3.1.27	3.1.28
nuget	Microsoft.AspNetCore.App.Runtime.win-x86	>= 6.0.0, <= 6.0.7	6.0.8
nuget	Microsoft.AspNetCore.App.Runtime.win-x86	>= 3.1.0, <= 3.1.27	3.1.28
nuget	Microsoft.AspNetCore.App.Runtime.linux-x64	>= 6.0.0, <= 6.0.7	6.0.8
nuget	Microsoft.AspNetCore.App.Runtime.win-x64	>= 6.0.0, <= 6.0.7	6.0.8
nuget	Microsoft.AspNetCore.App.Runtime.win-x64	>= 3.1.0, <= 3.1.27	3.1.28
nuget	System.Security.Cryptography.Xml	>= 5.0.0, <= 6.0.0	6.0.1
nuget	System.Security.Cryptography.Xml	<= 4.7.0	4.7.1

Exploit Probability

EPSS

1.11%

Percentile

77.81%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.