CVE-2024-43485 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
microsoft	CNA	7.5 HIGH				CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 72%

Vendor	Product	Version
microsoft	.net	6.0.0 ≤ 𝑥 < 6.0.35
microsoft	.net	8.0.0 ≤ 𝑥 < 8.0.10
microsoft	visual_studio_2022	17.6.0 ≤ 𝑥 < 17.6.20
microsoft	visual_studio_2022	17.8.0 ≤ 𝑥 < 17.8.15
microsoft	visual_studio_2022	17.10.0 ≤ 𝑥 < 17.10.8
microsoft	visual_studio_2022	17.11.0 ≤ 𝑥 < 17.11.5

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

dotnet6

oracular	dne
noble	dne
jammy	Fixed 6.0.135-0ubuntu1~22.04.1 released
focal	dne
bionic	dne
xenial	dne
trusty	dne

dotnet7

oracular	dne
noble	dne
jammy	ignored
focal	dne
bionic	dne
xenial	dne
trusty	dne

dotnet8

oracular	Fixed 8.0.110-8.0.10-0ubuntu1 released
noble	Fixed 8.0.110-8.0.10-0ubuntu1~24.04.1 released
jammy	Fixed 8.0.110-8.0.10-0ubuntu1~22.04.1 released
focal	dne
bionic	dne
xenial	dne
trusty	dne

dotnet9

oracular	not-affected
noble	dne
jammy	dne
focal	dne
bionic	dne
xenial	dne
trusty	dne

Common Weakness Enumeration

CWE-407 - Inefficient Algorithmic Complexity
An algorithm in a product has an inefficient worst-case computational complexity that may be detrimental to system performance and can be triggered by an attacker, typically using crafted manipulations that ensure that the worst case is being reached.

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43485