Nov 2023: .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability
CVE-2023-36049 Published on November 14, 2023

.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability
.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability

Github Repository Vendor Advisory NVD

Weakness Type

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Products Associated with CVE-2023-36049

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2023-36049 are published in these products:

Canonical Ubuntu Linux

Microsoft Net

Microsoft Visual Studio 2022

Microsoft Visual Studio

Microsoft .NET Framework

Affected Versions

Microsoft Visual Studio 2022 version 17.2:

Version 17.2.0 and below 17.2.22 is affected.

Microsoft Visual Studio 2022 version 17.4:

Version 17.4.0 and below 17.4.14 is affected.

Microsoft Visual Studio 2022 version 17.7:

Version 17.7.0 and below 17.7.7 is affected.

Microsoft Visual Studio 2022 version 17.6:

Version 17.6.0 and below 17.6.10 is affected.

Microsoft .NET 8.0:

Version 8.0 and below 8.0.0 is affected.

Microsoft .NET 6.0:

Version 6.0.0 and below 6.0.25 is affected.

Microsoft .NET 7.0:

Version 7.0.0 and below 7.0.14 is affected.

Microsoft .NET Framework 3.5 AND 4.8.1:

Version 4.8.1 and below 4.8.9206.0 is affected.

Microsoft .NET Framework 4.8:

Version 4.8.0 and below 4.8.4682.0 is affected.

Microsoft .NET Framework 3.5 AND 4.8:

Version 4.8.0 and below 4.8.4682.0 is affected.

Microsoft .NET Framework 3.5 AND 4.7.2:

Version 4.7.0 and below 4.7.4076.0 is affected.

Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2:

Version 3.0.0.0 and below 10.0.14393.6452 is affected.

Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2:

Version 4.7.0 and below 4.7.4076.0 is affected.

Microsoft .NET Framework 4.6.2:

Version 4.7.0 and below 4.7.4076.0 is affected.

Microsoft .NET Framework 3.5 AND 4.6/4.6.2:

Version 10.0.0 and below 10.0.10240.20308 is affected.

Microsoft .NET Framework 2.0 Service Pack 2:

Version 2.0.0 and below 3.0.50727.8975 is affected.

Microsoft .NET Framework 3.0 Service Pack 2:

Version 3.0.0 and below 3.0.50727.8975 is affected.

Microsoft .NET Framework 3.5:

Version 3.5.0 and below 3.0.50727.8975 is affected.

Microsoft .NET Framework 3.5.1:

Version 3.5.0 and below 3.0.50727.8975 is affected.

Vulnerable Packages

The following package name and versions may be associated with CVE-2023-36049

Package Manager	Vulnerable Package	Versions	Fixed In
nuget	System.Net.Requests	>= 7.0.0, <= 7.0.13	7.0.14
nuget	System.Net.Requests	>= 6.0.0, <= 6.0.24	6.0.25
nuget	System.Net.Requests	= 8.0.0-rc.2.23480.2	8.0.0

Exploit Probability

EPSS

3.49%

Percentile

87.34%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.