Microsoft .NET/Visual Studio Elevation of Privilege
CVE-2023-24936 Published on June 14, 2023
.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability
.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability
Products Associated with CVE-2023-24936
stack.watch emails you whenever new vulnerabilities are published in Canonical Ubuntu Linux or Microsoft Net. Just hit a watch button to start following.
Affected Versions
Microsoft Visual Studio 2022 version 17.2:- Version 17.2.0 and below 17.2.16 is affected.
- Version 17.0.0 and below 17.0.22 is affected.
- Version 17.4.0 and below 17.4.8 is affected.
- Version 6.0.0 and below 6.0.18 is affected.
- Version 7.0.0 and below 7.0.7 is affected.
- Version 17.6.0 and below 17.6.3 is affected.
- Version 7.2.0 and below 7.2.12 is affected.
- Version 7.3.0 and below 7.3.5 is affected.
- Version 4.8.0 and below 4.8.4644.0 is affected.
- Version 4.8.0 and below 4.8.4644.0 is affected.
- Version 4.7.0 and below 4.7.4050.0 is affected.
- Version 3.0.0.0 and below 10.0.14393.5989 is affected.
- Version 4.7.0 and below 4.7.04043.0 is affected.
- Version 4.8.1 and below 4.8.9166.0 is affected.
- Version 4.7.0 and below 4.7.04043.0 is affected.
- Version 4.7.0 and below 10.0.10240.19983 is affected.
- Version 2.0.0 and below 3.0.6920.8954; 2.0.50727.8970 is affected.
- Version 3.0.0 and below 3.0.6920.8954; 2.0.50727.8970 is affected.
- Version 3.5.0 and below 3.0.6920.8954; 2.0.50727.8970 is affected.
- Version 3.5.0 and below 3.0.6920.8954; 2.0.50727.8970 is affected.
Vulnerable Packages
The following package name and versions may be associated with CVE-2023-24936
| Package Manager | Vulnerable Package | Versions | Fixed In |
|---|---|---|---|
| nuget | Microsoft.NetCore.App.Runtime.linux-musl-arm | >= 6.0.0, <= 6.0.16 | 6.0.18 |
| nuget | Microsoft.NetCore.App.Runtime.linux-musl-arm64 | >= 6.0.0, <= 6.0.16 | 6.0.18 |
| nuget | Microsoft.NetCore.App.Runtime.linux-musl-x64 | >= 6.0.0, <= 6.0.16 | 6.0.18 |
| nuget | Microsoft.NetCore.App.Runtime.linux-x64 | >= 6.0.0, <= 6.0.16 | 6.0.18 |
| nuget | Microsoft.NetCore.App.Runtime.osx-arm64 | >= 6.0.0, <= 6.0.16 | 6.0.18 |
| nuget | Microsoft.NetCore.App.Runtime.osx-x64 | >= 6.0.0, <= 6.0.16 | 6.0.18 |
| nuget | Microsoft.NetCore.App.Runtime.win-arm | >= 6.0.0, <= 6.0.16 | 6.0.18 |
| nuget | Microsoft.NetCore.App.Runtime.win-arm64 | >= 6.0.0, <= 6.0.16 | 6.0.18 |
| nuget | Microsoft.NetCore.App.Runtime.win-x64 | >= 6.0.0, <= 6.0.16 | 6.0.18 |
| nuget | Microsoft.NetCore.App.Runtime.win-x86 | >= 6.0.0, <= 6.0.16 | 6.0.18 |
| nuget | Microsoft.NetCore.App.Runtime.linux-x64 | >= 7.0.0, <= 7.0.5 | 7.0.7 |
| nuget | Microsoft.NetCore.App.Runtime.linux-arm64 | >= 6.0.0, <= 6.0.16 | 6.0.18 |
| nuget | Microsoft.NetCore.App.Runtime.linux-arm | >= 6.0.0, <= 6.0.16 | 6.0.18 |
| nuget | Microsoft.NetCore.App.Runtime.win-x86 | >= 7.0.0, <= 7.0.5 | 7.0.7 |
| nuget | Microsoft.NetCore.App.Runtime.win-x64 | >= 7.0.0, <= 7.0.5 | 7.0.7 |
| nuget | Microsoft.NetCore.App.Runtime.win-arm64 | >= 7.0.0, <= 7.0.5 | 7.0.7 |
| nuget | Microsoft.NetCore.App.Runtime.win-arm | >= 7.0.0, <= 7.0.5 | 7.0.7 |
| nuget | Microsoft.NetCore.App.Runtime.osx-x64 | >= 7.0.0, <= 7.0.5 | 7.0.7 |
| nuget | Microsoft.NetCore.App.Runtime.osx-arm64 | >= 7.0.0, <= 7.0.5 | 7.0.7 |
| nuget | Microsoft.NetCore.App.Runtime.linux-musl-x64 | >= 7.0.0, <= 7.0.5 | 7.0.7 |
| nuget | Microsoft.NetCore.App.Runtime.linux-musl-arm64 | >= 7.0.0, <= 7.0.5 | 7.0.7 |
| nuget | Microsoft.NetCore.App.Runtime.linux-musl-arm | >= 7.0.0, <= 7.0.5 | 7.0.7 |
| nuget | Microsoft.NetCore.App.Runtime.linux-arm64 | >= 7.0.0, <= 7.0.5 | 7.0.7 |
| nuget | Microsoft.NetCore.App.Runtime.linux-arm | >= 7.0.0, <= 7.0.5 | 7.0.7 |
Exploit Probability
EPSS
1.09%
Percentile
77.87%
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.