CVE-2024-38081 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.3 HIGH	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
microsoft	CNA	7.3 HIGH				CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Base Score

CVSS 3.x

EPSS Score

Percentile: 73%

Affected Products (NVD)

Vendor	Product	Version
microsoft	.net_framework	4.6.2
microsoft	.net_framework	4.7
microsoft	.net_framework	4.7.1
microsoft	.net_framework	4.7.2
microsoft	.net_framework	3.5
microsoft	.net_framework	4.8
microsoft	.net_framework	3.5.1
microsoft	.net_framework	3.5
microsoft	.net_framework	3.0:sp2
microsoft	.net_framework	2.0:sp2
microsoft	.net_framework	4.6.2
microsoft	.net_framework	4.8.1
microsoft	.net	6.0.0 ≤ 𝑥 < 6.0.32
microsoft	visual_studio_2022	17.4 ≤ 𝑥 < 17.4.21
microsoft	visual_studio_2022	17.6 ≤ 𝑥 < 17.6.17
microsoft	visual_studio_2022	17.8 ≤ 𝑥 < 17.8.12
microsoft	.net_framework	3.5
microsoft	.net_framework	4.7.2

𝑥

= Vulnerable software versions

Windows Releases

Platform

Version

Windows 10

(x64, x86)	KB5040448
1607 (x64, x86)	KB5039885
1607 (x64, x86)	KB5040434
1809 (arm64, x64, x64, x86, x86)	KB5041017
21H2 (arm64, arm64, x64, x64, x86, x86)	KB5041018
22H2 (arm64, arm64, x64, x64, x86, x86)	KB5041019

Windows 11

21H2 (arm64, arm64, x64, x64)	KB5041020
22H2 (arm64, x64)	KB5039895
23H2 (arm64, x64)	KB5039895

Windows Server 2008

Service Pack 2 (x64, x64, x64, x86, x86, x86)	KB5041027
Service Pack 2 Server Core (x64, x86)	KB5041027

Windows Server 2008 R2

Service Pack 1 (x64, x64, x64)	KB5041026
Service Pack 1 Server Core (x64, x64, x64)	KB5041026
Service Pack 1 Server Core (x64)	KB5041021

Windows Server 2012

Server Core	KB5041022
Standard	KB5041022

Windows Server 2012 R2

Server Core	KB5041023
Standard	KB5041023
Standard	KB5041022

Windows Server 2016

Server Core	KB5040448
Server Core	KB5039885
Standard	KB5040448
Standard	KB5039885

Windows Server 2019

Server Core	KB5041017
Standard	KB5041017

Windows Server 2022

23H2 Server Core	KB5040438
Server Core	KB5041016
Standard	KB5041016

Ubuntu Releases

Ubuntu Product

Codename

dotnet6

bionic	dne
focal	dne
jammy	not-affected
mantic	not-affected
noble	dne
trusty	dne
xenial	dne

dotnet7

bionic	dne
focal	dne
jammy	ignored
mantic	ignored
noble	dne
trusty	dne
xenial	dne

dotnet8

bionic	dne
focal	dne
jammy	not-affected
mantic	not-affected
noble	not-affected
trusty	dne
xenial	dne

Common Weakness Enumeration

CWE-59 - Improper Link Resolution Before File Access ('Link Following')
The software attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38081

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38081