CVE-2023-33127 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	8.1 HIGH	NETWORK	HIGH	NONE	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
microsoft	CNA	8.1 HIGH				CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 83%

Vendor	Product	Version
microsoft	.net	6.0.0 ≤ 𝑥 < 6.0.20
microsoft	.net	7.0.0 ≤ 𝑥 < 7.0.9
microsoft	visual_studio_2022	17.0 ≤ 𝑥 < 17.0.23
microsoft	visual_studio_2022	17.2.0 ≤ 𝑥 < 17.2.17
microsoft	visual_studio_2022	17.4.0 ≤ 𝑥 < 17.4.9
microsoft	visual_studio_2022	17.6.0 ≤ 𝑥 < 17.6.5
microsoft	visual_studio_2022	17.3

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

dotnet6

lunar	not-affected
kinetic	not-affected
jammy	not-affected
focal	dne
bionic	dne
xenial	dne
trusty	dne

dotnet7

lunar	not-affected
kinetic	not-affected
jammy	not-affected
focal	dne
bionic	dne
xenial	dne
trusty	dne

Common Weakness Enumeration

CWE-1220 - Insufficient Granularity of Access Control
The product implements access controls via a policy or other feature with the intention to disable or restrict accesses (reads and/or writes) to assets in a system from untrusted agents. However, implemented access controls lack required granularity, which renders the control policy too broad because it allows accesses from unauthorized agents to the security-sensitive assets.

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33127

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33127