CVE-2023-36899

Name of the Vulnerable Software and Affected Versions ASP.NET (affected versions not specified)

Description The issue is related to an elevation-of-privilege vulnerability in ASP.NET, which allows attackers to affect the system. This vulnerability is associated with insufficient access controls in the Microsoft .NET Framework. Exploitation of this vulnerability may enable a remote attacker to elevate their privileges. The vulnerability is also known as "Cookieless DuoDrop" and involves an IIS Auth Bypass and App Pool Privesc in the ASP-NET Framework.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.