VDB
CVE-2023-36018
CVE-2023-36018
PUBLISHED
In Microsoft .NET Framework, Microsoft ASP.NET, Microsoft Visual Studio und Microsoft Visual Studio Code existieren mehrere, nicht im Detail beschriebene Schwachstellen. Ein Angreifer kann dies ausnutzen, um Sicherheitsmechanismen zu umgehen, um seine Privilegien zu erhöhen und um einen Denial of Service Zustand herbeizuführen. Zur Ausnutzung einiger dieser Schwachstellen ist eine Authentisierung erforderlich.
EPSS 1.61% · 82.1th percentile
Risk Scores
EPSS Score
1.61%
82.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Microsoft .NET Framework 3.5.1 | |
| Microsoft | Microsoft Visual Studio 2022 version 17.2 | |
| Microsoft | Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) | |
| Ubuntu | Ubuntu Linux | |
| Microsoft | Microsoft .NET Framework 4.7.2 | |
| Microsoft | Microsoft .NET Framework 3.5 | |
| Microsoft | Microsoft Visual Studio 2022 version 17.4 | |
| Microsoft | Microsoft ASP.NET Core 6.0 | |
| Microsoft | Microsoft .NET Framework 4.8 | |
| Microsoft | Microsoft .NET Framework 2.0 SP2 | |
| Microsoft | Microsoft Visual Studio 2022 version 17.6 | |
| Microsoft | Microsoft Visual Studio Code Jupyter Extension for Visual Studio Code | |
| Microsoft | Microsoft .NET Framework 3.0 SP2 | |
| Microsoft | Microsoft .NET Framework 4.6 | |
| Microsoft | Microsoft ASP.NET Core 7.0 | |
| Microsoft | Microsoft .NET Framework 4.7 | |
| Microsoft | Microsoft ASP.NET Core 8.0 | |
| Microsoft | Microsoft .NET Framework 4.8.1 | |
| Microsoft | Microsoft .NET Framework 4.6.2 | |
| Microsoft | Microsoft Visual Studio 2022 version 17.7 |
…and 3 more
Exploit Intelligence
- https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1 (msrc)
- cve_test.go (github-poc)
- cve_test.go (github-poc)
- cve_test.go (github-poc)
- cve_test.go (github-poc)
- cve_test.go (github-poc)
- cve_test.go (github-poc)
- cve_test.go (github-poc)
- cve_test.go (github-poc)
- cve_test.go (github-poc)
…and 5 more exploits
Timeline
- Nov 14, 2023 CVE Published
- Nov 15, 2023 EPSS Score
- Dec 15, 2023 EPSS Score
- Jan 14, 2024 EPSS Score
- Mar 15, 2024 EPSS Score
- Apr 14, 2024 EPSS Score
- May 14, 2024 EPSS Score
- Jun 14, 2024 EPSS Score
- Jul 14, 2024 EPSS Score
- Sep 12, 2024 EPSS Score
- Oct 13, 2024 EPSS Score
- Nov 12, 2024 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2895.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2895 advisory
- https://linux.oracle.com/errata/ELSA-2023-7255.html advisory
- https://linux.oracle.com/errata/ELSA-2023-7257.html advisory
- https://linux.oracle.com/errata/ELSA-2023-7253.html advisory
- https://linux.oracle.com/errata/ELSA-2023-7258.html advisory
- https://linux.oracle.com/errata/ELSA-2023-7256.html advisory
- https://access.redhat.com/errata/RHSA-2023:7254 advisory
- https://access.redhat.com/errata/RHSA-2023:7255 advisory
- https://access.redhat.com/errata/RHSA-2023:7256 advisory
- https://access.redhat.com/errata/RHSA-2023:7257 advisory
- https://ubuntu.com/security/notices/USN-6480-1 advisory
- https://access.redhat.com/errata/RHSA-2023:7258 advisory
- https://access.redhat.com/errata/RHSA-2023:7259 advisory
- https://access.redhat.com/errata/RHSA-2023:7253 advisory
- https://msrc.microsoft.com/update-guide advisory