PT-2024-2375 · Microsoft · .Net Framework
Markus Wulftange · Published 2024-03-22 · Updated 2026-03-31 · CVE-2024-29059
CVSS v2.0: 7.8 High
Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Microsoft .NET Framework versions prior to 4.8.4682.0/4.8.9206.0
Description
The vulnerability is related to insufficient protection of service data when processing ObjRef objects, which may allow a remote attacker to gain unauthorized access to protected information. A successful exploit may allow an attacker to disclose sensitive information. The issue has been exploited in the wild and is tracked by CISA as a Known Exploited Vulnerability.
Recommendations
Upgrade .NET to the latest version as soon as possible to mitigate the risk of exploitation.
As a temporary workaround, consider restricting access to HTTP .NET Remoting to minimize the risk of exploitation.
Avoid using ObjRef objects in HTTP .NET Remoting until the issue is resolved.
Exploit
Fix
RCE
Generation of Error Message Containing Sensitive Information
Information Disclosure
Affected Products
.Net Framework