CVE-2023-24936

EUVD-2023-1839
.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
microsoftCNA
7.5 HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 77%
Affected Products (NVD)
VendorProductVersion
microsoft.net_framework
4.8
microsoft.net_framework
4.6.2
microsoft.net_framework
4.7
microsoft.net_framework
4.7.1
microsoft.net_framework
4.7.2
microsoft.net_framework
4.6.2
microsoft.net_framework
3.5.1
microsoft.net_framework
3.5
microsoft.net_framework
4.6.2
microsoft.net_framework
3.5
microsoft.net_framework
4.8.1
microsoft.net_framework
3.5
microsoft.net_framework
4.8
microsoft.net_framework
3.5
microsoft.net_framework
4.7.2
microsoft.net_framework
3.5
microsoft.net_framework
4.6.2
microsoft.net_framework
4.7
microsoft.net_framework
4.7.1
microsoft.net_framework
4.7.2
microsoft.net_framework
3.5
microsoft.net_framework
3.0:sp2
microsoft.net_framework
2.0:sp2
microsoft.net
6.0.0
microsoft.net
7.0.0
𝑥
= Vulnerable software versions
Windows Releases
Platform
Version
Windows 10
(x64, x86)
KB5027230
1607 (x64, x86)
KB5027123
1607 (x64, x86)
KB5027219
1809 (arm64, x64, x86, x86)
KB5027536
21H2 (arm64, arm64, x64, x64, x86, x86)
KB5027537
22H2 (arm64, arm64, x64, x64, x86, x86)
KB5027538
Windows 11
21H2 (arm64, arm64, x64, x64)
KB5027539
22H2 (arm64, x64)
KB5027119
Windows Server 2008
Service Pack 2 (x64, x64, x86, x86)
KB5027543
Service Pack 2 Server Core (x64, x86)
KB5027543
Windows Server 2008 R2
Service Pack 1 (x64, x64, x64)
KB5027540
Service Pack 1 Server Core (x64, x64, x64)
KB5027540
Windows Server 2012
Server Core
KB5027541
Standard
KB5027541
Windows Server 2012 R2
Server Core
KB5027542
Standard
KB5027542
Windows Server 2016
Server Core
KB5027123
Server Core
KB5027219
Standard
KB5027123
Standard
KB5027219
Windows Server 2019
Server Core
KB5027536
Standard
KB5027536
Windows Server 2022
Server Core
KB5027544
Standard
KB5027544
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
dotnet6
bionic
dne
focal
dne
jammy
Fixed 6.0.118-0ubuntu1~22.04.1
released
kinetic
Fixed 6.0.118-0ubuntu1~22.10.1
released
lunar
Fixed 6.0.118-0ubuntu1~23.04.1
released
trusty
dne
xenial
dne
dotnet7
bionic
dne
focal
dne
jammy
Fixed 7.0.107-0ubuntu1~22.04.1
released
kinetic
Fixed 7.0.107-0ubuntu1~22.10.1
released
lunar
Fixed 7.0.107-0ubuntu1~23.04.1
released
trusty
dne
xenial
dne
References
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24936
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24936