CVE-2023-36899 — Vulnetix

CVE-2023-36899 PUBLISHED CVSS 8.800000190734863 HIGH

ASP.NET Elevation of Privilege Vulnerability

EPSS 70.04% · 98.7th percentile

Risk Scores

CVSS 3.1

8.800000190734863

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

EPSS Score

70.04%

98.7th percentile

Affected Products

Vendor	Product	Versions
Microsoft	Microsoft .NET Framework 2.0 Service Pack 2	2.0.0
Microsoft	Microsoft .NET Framework 3.5 and 4.6.2	4.7.0
Microsoft	Microsoft .NET Framework 3.5 AND 4.8	4.8.0
Microsoft	Microsoft .NET Framework 3.5 AND 4.7.2	4.7.0
microsoft	.net	4.8.0, 4.7.0, 4.8.1
microsoft	.net_framework	4.7.2, 4.8.1, 4.7.2
Microsoft	Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2	4.7.0
Microsoft	Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2	3.0.0.0
Microsoft	Microsoft .NET Framework 4.8	4.8.0
Microsoft	Microsoft .NET Framework 4.6.2	4.7.0
Microsoft	Microsoft .NET Framework 3.5 AND 4.8.1	4.8.1

Exploit Intelligence

CVE-2023-36899漏洞的复现环境和工具，针对ASP.NET框架中的无cookie会话身份验证绕过。 (github-poc)
CVE-2023-36899漏洞的复现环境和工具，针对ASP.NET框架中的无cookie会话身份验证绕过。 (github-poc)
CVE-2023-36899漏洞的复现环境和工具，针对ASP.NET框架中的无cookie会话身份验证绕过。 (github-poc)
CVE-2023-36899漏洞的复现环境和工具，针对ASP.NET框架中的无cookie会话身份验证绕过。 (github-poc)
CVE-2023-36899漏洞的复现环境和工具，针对ASP.NET框架中的无cookie会话身份验证绕过。 (github-poc)
CVE-2023-36899 PoC (github-poc)
CVE-2023-36899 PoC (github-poc)
CVE-2023-36899 PoC (github-poc)
CVE-2023-36899 PoC (github-poc)
CVE-2023-36899 PoC (github-poc)

…and 4 more exploits

Timeline

Aug 8, 2023 CVE Published
Aug 9, 2023 EPSS Score
Oct 26, 2023 CVE Updated
Mar 17, 2025 EPSS Score
Apr 15, 2025 EPSS Score
May 1, 2025 EPSS Score
May 4, 2025 EPSS Score
May 21, 2025 EPSS Score
Jun 1, 2025 EPSS Score
Jun 4, 2025 EPSS Score
Jul 1, 2025 EPSS Score
Jul 4, 2025 EPSS Score

References

ASP.NET Elevation of Privilege Vulnerability vendor-advisory
https://msrc.microsoft.com/update-guide/ advisory
https://nvd.nist.gov/vuln/detail/CVE-2023-36899 advisory

Open in Interactive Console →

$ Console Community · 100/wk Open console ›