VDB
CVE-2024-20667
CVE-2024-20667
PUBLISHED
Es bestehen mehrere Schwachstellen in den Developer Tools. Diese Fehler bestehen in den Anwendungen Microsoft ASP.NET, Microsoft Azure DevOps Server und Microsoft Visual Studio 2022. Diese Fehler sind noch nicht im Detail beschrieben. Ein entfernter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen oder einen Denial-of-Service-Zustand zu verursachen.
EPSS 0.31% · 54.9th percentile
Risk Scores
EPSS Score
0.31%
54.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Microsoft Azure DevOps Server 2022.1 | |
| Microsoft | Microsoft Azure DevOps Server 2019.1.2 | |
| Red Hat | Red Hat Enterprise Linux | |
| Microsoft | Microsoft Visual Studio 2022 version 17.8 | |
| Microsoft | Microsoft Azure Active Directory B2C | |
| Microsoft | Microsoft Azure DevOps Server 2020.1.2 | |
| Microsoft | Microsoft Visual Studio 2022 version 17.4 | |
| Microsoft | Microsoft Azure Connected Machine Agent | |
| Oracle | Oracle Linux | |
| Microsoft | Microsoft Azure Stack Hub | |
| RESF | RESF Rocky Linux | |
| Microsoft | Microsoft ASP.NET Core 6.0 | |
| Microsoft | Microsoft ASP.NET Core 7.0 | |
| Microsoft | Microsoft ASP.NET Core 8.0 | |
| Microsoft | Microsoft Azure File Sync v17.0 | |
| Microsoft | Microsoft Azure File Sync v15.0 | |
| Microsoft | Microsoft Azure File Sync v14.0 | |
| Microsoft | Microsoft Azure Site Recovery | |
| Microsoft | Microsoft Azure Kubernetes Service Confidential Containers | |
| Microsoft | Microsoft Azure File Sync v16.0 |
…and 1 more
Exploit Intelligence
- CIRCL seen: CVE-2024-20667 (circl-sighting)
- CIRCL seen: CVE-2024-20667 (circl-sighting)
- https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1 (msrc)
- Azure DevOps Server Remote Code Execution Vulnerability (circl)
Timeline
- Feb 13, 2024 CVE Published
- Feb 13, 2024 PoC Published
- Feb 14, 2024 EPSS Score
- Mar 12, 2024 EPSS Score
- Apr 8, 2024 EPSS Score
- Jun 1, 2024 EPSS Score
- Jun 28, 2024 EPSS Score
- Jul 25, 2024 EPSS Score
- Aug 21, 2024 EPSS Score
- Sep 18, 2024 EPSS Score
- Oct 4, 2024 Coalition ESS Score
- Nov 11, 2024 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0362.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0362 advisory
- https://msrc.microsoft.com/update-guide advisory
- https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0365.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0365 advisory
- https://access.redhat.com/errata/RHSA-2024:0807 advisory
- https://access.redhat.com/errata/RHSA-2024:0805 advisory
- https://access.redhat.com/errata/RHSA-2024:0806 advisory
- https://access.redhat.com/errata/RHSA-2024:0808 advisory
- https://access.redhat.com/errata/RHSA-2024:0814 advisory
- https://access.redhat.com/errata/RHSA-2024:0827 advisory
- https://access.redhat.com/errata/RHSA-2024:0848 advisory
- https://linux.oracle.com/errata/ELSA-2024-0805.html advisory
- https://linux.oracle.com/errata/ELSA-2024-0806.html advisory
- https://linux.oracle.com/errata/ELSA-2024-0807.html advisory
- https://linux.oracle.com/errata/ELSA-2024-0808.html advisory
- https://linux.oracle.com/errata/ELSA-2024-0848.html advisory
- https://errata.build.resf.org/RLSA-2024:0806 advisory
- https://errata.build.resf.org/RLSA-2024:0827 advisory
- https://linux.oracle.com/errata/ELSA-2024-0827.html advisory
…and 6 more