CVE-2023-33170: ASP.NET VS Security Feature Bypass
CVE-2023-33170 Published on July 11, 2023
ASP.NET and Visual Studio Security Feature Bypass Vulnerability
ASP.NET and Visual Studio Security Feature Bypass Vulnerability
Weakness Type
What is a Race Condition Vulnerability?
The program contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.
CVE-2023-33170 has been classified to as a Race Condition vulnerability or weakness.
Products Associated with CVE-2023-33170
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2023-33170 are published in these products:
Affected Versions
Microsoft Visual Studio 2022 version 17.2:- Version 17.2.0 and below 17.2.17 is affected.
- Version 17.0.0 and below 17.0.23 is affected.
- Version 17.4.0 and below 17.4.9 is affected.
- Version 17.6.0 and below 17.6.5 is affected.
- Version 6.0.0 and below 6.0.20 is affected.
- Version 7.0.0 and below 7.0.9 is affected.
Vulnerable Packages
The following package name and versions may be associated with CVE-2023-33170
| Package Manager | Vulnerable Package | Versions | Fixed In |
|---|---|---|---|
| nuget | Microsoft.AspNetCore.App.Runtime.linux-arm | >= 7.0.0, < 7.0.9 | 7.0.9 |
| nuget | Microsoft.AspNetCore.Identity | < 2.1.39 | 2.1.39 |
| nuget | Microsoft.AspNet.Identity.Owin | < 2.2.4 | 2.2.4 |
| nuget | Microsoft.AspNetCore.App.Runtime.linux-arm | < 6.0.20 | 6.0.20 |
| nuget | Microsoft.AspNetCore.App.Runtime.linux-arm64 | < 6.0.20 | 6.0.20 |
| nuget | Microsoft.AspNetCore.App.Runtime.linux-musl-arm | < 6.0.20 | 6.0.20 |
| nuget | Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 | < 6.0.20 | 6.0.20 |
| nuget | Microsoft.AspNetCore.App.Runtime.linux-x64 | < 6.0.20 | 6.0.20 |
| nuget | Microsoft.AspNetCore.App.Runtime.osx-x64 | < 6.0.20 | 6.0.20 |
| nuget | Microsoft.AspNetCore.App.Runtime.win-arm | < 6.0.20 | 6.0.20 |
| nuget | Microsoft.AspNetCore.App.Runtime.win-arm64 | < 6.0.20 | 6.0.20 |
| nuget | Microsoft.AspNetCore.App.Runtime.win-x64 | < 6.0.20 | 6.0.20 |
| nuget | Microsoft.AspNetCore.App.Runtime.win-x86 | < 6.0.20 | 6.0.20 |
| nuget | Microsoft.AspNetCore.App.Runtime.win-x86 | >= 7.0.0, < 7.0.9 | 7.0.9 |
| nuget | Microsoft.AspNetCore.App.Runtime.win-x64 | >= 7.0.0, < 7.0.9 | 7.0.9 |
| nuget | Microsoft.AspNetCore.App.Runtime.win-arm64 | >= 7.0.0, < 7.0.9 | 7.0.9 |
| nuget | Microsoft.AspNetCore.App.Runtime.win-arm | >= 7.0.0, < 7.0.9 | 7.0.9 |
| nuget | Microsoft.AspNetCore.App.Runtime.osx-x64 | >= 7.0.0, < 7.0.9 | 7.0.9 |
| nuget | Microsoft.AspNetCore.App.Runtime.osx-arm64 | < 7.0.9 | 7.0.9 |
| nuget | Microsoft.AspNetCore.App.Runtime.linux-x64 | >= 7.0.0, < 7.0.9 | 7.0.9 |
| nuget | Microsoft.AspNetCore.App.Runtime.linux-musl-x64 | < 7.0.9 | 7.0.9 |
| nuget | Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 | >= 7.0.0, < 7.0.9 | 7.0.9 |
| nuget | Microsoft.AspNetCore.App.Runtime.linux-arm64 | >= 7.0.0, < 7.0.9 | 7.0.9 |
| nuget | Microsoft.AspNetCore.App.Runtime.linux-musl-arm | >= 7.0.0, < 7.0.9 | 7.0.9 |
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.