PT-2023-4295 · Microsoft+1 · Visual Studio+2

Brennan Conroy

·

Publicado

2023-08-08

·

Atualizado

2024-12-13

·

CVE-2023-35391

CVSS v3.1

7.1

Alta

VetorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions ASP.NET Core SignalR and Visual Studio (affected versions not specified)
Description The issue is related to insufficient access control in the software development tool Microsoft Visual Studio and the Microsoft .NET platform. This can potentially allow an attacker to elevate their privileges. There is no information provided about the estimated number of potentially affected devices worldwide or details about real-world incidents where this issue was exploited.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Information Disclosure

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20CWE-200

Identificadores relacionados

ALT-PU-2024-1066
ALT-PU-2024-1067
ALT-PU-2024-1068
ALT-PU-2024-1069
ALT-PU-2024-16792
ALT-PU-2024-16794
ALT-PU-2024-16796
ALT-PU-2024-16939
ALT-PU-2024-2761
ALT-PU-2024-2763
ALT-PU-2024-2765
ALT-PU-2024-2767
BDU:2023-04615
BDU:2023-04621
BIT-ASPNET-CORE-2023-35391
BIT-DOTNET-2023-35391
BIT-DOTNET-SDK-2023-35391
CVE-2023-35391
GHSA-J8RM-CM55-QQJ6

Produtos afetados

Alt Linux
Asp.Net Core Signalr
Visual Studio