CVE-2024-0057 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	9.1 CRITICAL	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
microsoft	CNA	9.1 CRITICAL				CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C

Base Score

CVSS 3.x

EPSS Score

Percentile: 87%

Affected Products (NVD)

Vendor	Product	Version
microsoft	powershell	7.2 ≤ 𝑥 < 7.2.18
microsoft	powershell	7.3 ≤ 𝑥 < 7.3.11
microsoft	powershell	7.4
microsoft	visual_studio_2022	17.2 ≤ 𝑥 < 17.2.23
microsoft	visual_studio_2022	17.4 ≤ 𝑥 < 17.4.15
microsoft	visual_studio_2022	17.6 ≤ 𝑥 < 17.6.11
microsoft	visual_studio_2022	17.8 ≤ 𝑥 < 17.8.4
microsoft	.net_framework	4.8 ≤ 𝑥 < 4.8.04690.02
microsoft	.net_framework	4.8 ≤ 𝑥 < 4.8.04690.01
microsoft	.net_framework	4.6.2
microsoft	.net_framework	4.7
microsoft	.net_framework	4.7.1
microsoft	.net_framework	4.7.2
microsoft	.net_framework	3.5
microsoft	.net_framework	4.8.1
microsoft	.net_framework	4.8 ≤ 𝑥 < 4.8.04690.02
microsoft	.net_framework	3.5
microsoft	.net_framework	3.5
microsoft	.net_framework	4.7.2
microsoft	.net_framework	2.0:sp2
microsoft	.net_framework	3.0:sp2
microsoft	.net	6.0.0 ≤ 𝑥 < 6.0.26
microsoft	.net	7.0.0 ≤ 𝑥 < 7.0.15
microsoft	.net	8.0.0

𝑥

= Vulnerable software versions

Windows Releases

Platform

Version

Windows 10

1607 (x64, x86)	KB5033910
1607 (x64, x86)	KB5034119
1809 (arm64, x64, x64, x86, x86)	KB5034273
21H2 (arm64, arm64, x64, x64, x86, x86)	KB5034274
22H2 (arm64, arm64, x64, x64, x86, x86)	KB5034275

Windows 11

21H2 (arm64, arm64, x64, x64)	KB5034276
22H2 (arm64, x64)	KB5033920
23H2 (arm64, x64)	KB5033920

Windows Server 2008

Service Pack 2 (x64, x86)

Windows Server 2008 R2

Service Pack 1 (x64)	KB5034277
Service Pack 1 (x64)	KB5034269
Service Pack 1 Server Core (x64)	KB5034277
Service Pack 1 Server Core (x64)	KB5034269

Windows Server 2012

Server Core	KB5034278
Standard	KB5034278

Windows Server 2012 R2

Server Core	KB5034279
Standard	KB5034279

Windows Server 2016

Server Core	KB5033910
Server Core	KB5034119
Standard	KB5033910
Standard	KB5034119

Windows Server 2019

Server Core	KB5034273
Standard	KB5034273

Windows Server 2022

23H2 Server Core	KB5034272
Server Core	KB5034272
Standard	KB5034272

Ubuntu Releases

Ubuntu Product

Codename

dotnet6

bionic	dne
focal	dne
jammy	Fixed 6.0.126-0ubuntu1~22.04.1 released
lunar	Fixed 6.0.126-0ubuntu1~23.04.1 released
mantic	Fixed 6.0.126-0ubuntu1~23.10.1 released
trusty	dne
xenial	dne

dotnet7

bionic	dne
focal	dne
jammy	Fixed 7.0.115-0ubuntu1~22.04.1 released
lunar	Fixed 7.0.115-0ubuntu1~23.04.1 released
mantic	Fixed 7.0.115-0ubuntu1~23.10.1 released
trusty	dne
xenial	dne

dotnet8

bionic	dne
focal	dne
jammy	not-affected
lunar	dne
mantic	Fixed 8.0.101-8.0.1-0ubuntu1~23.10.1 released
trusty	dne
xenial	dne

Common Weakness Enumeration

CWE-20 - Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0057

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0057

https://security.netapp.com/advisory/ntap-20240208-0007/