CVE-2023-36049: .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability

Overview

Severity: High (CVSS 7.6)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L/E:P/RL:O/RC:C
Category: Elevation of Privilege
Exploit Status: Not Exploited
Exploitation Likelihood: Less Likely
Patch Tuesday: 2023-Nov
Released: 2023-11-14
Last Updated: 2024-01-26
EPSS Score: 2.12% (percentile: 84.1%)

FAQ

How could an attacker exploit this vulnerability? To exploit this vulnerability an attacker would have to inject arbitrary commands to the FTP server. What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability would be access controls on the server, allowing for read or write abilities. According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability? Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.

Affected Products (77)

Developer Tools

Microsoft Visual Studio 2022 version 17.2
Microsoft Visual Studio 2022 version 17.4
Microsoft Visual Studio 2022 version 17.7
Microsoft Visual Studio 2022 version 17.6
.NET 8.0
.NET 6.0
.NET 7.0
Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 23H2 for x64-based Systems
Microsoft .NET Framework 3.5 AND 4.8.1 on Windows Server 2022, 23H2 Edition (Server Core installation)
Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 23H2 for ARM64-based Systems
Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for 32-bit Systems
Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for x64-based Systems
Microsoft .NET Framework 4.8 on Windows Server 2016
Microsoft .NET Framework 4.8 on Windows Server 2016 (Server Core installation)
Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1
Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Microsoft .NET Framework 4.8 on Windows Server 2012
Microsoft .NET Framework 4.8 on Windows Server 2012 (Server Core installation)
Microsoft .NET Framework 4.8 on Windows Server 2012 R2
Microsoft .NET Framework 4.8 on Windows Server 2012 R2 (Server Core installation)
Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for 32-bit Systems
Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for x64-based Systems
Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019
Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019 (Server Core installation)
Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2022
Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2022 (Server Core installation)
Microsoft .NET Framework 3.5 AND 4.8 on Windows 11 version 21H2 for x64-based Systems
Microsoft .NET Framework 3.5 AND 4.8 on Windows 11 version 21H2 for ARM64-based Systems
Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 21H2 for 32-bit Systems
Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 21H2 for ARM64-based Systems
Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 21H2 for x64-based Systems
Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 22H2 for x64-based Systems
Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 22H2 for ARM64-based Systems
Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 22H2 for 32-bit Systems
Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for 32-bit Systems
Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for x64-based Systems
Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for ARM64-based Systems
Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019
Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019 (Server Core installation)
Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for 32-bit Systems
Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for x64-based Systems
Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016
Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016 (Server Core installation)
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 (Server Core installation)
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 R2
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 R2 (Server Core installation)
Microsoft .NET Framework 3.5 AND 4.8.1 on Windows Server 2022
... and 27 more

Security Updates (34)

Acknowledgments

<a href="https://twitter.com/thezdi">Anonymous</a> with <a href="https://www.zerodayinitiative.com/">Trend Micro</a>, Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative, <a href="https://twitter.com/thezdi">Anonymous</a> with <a href="https://www.zerodayinitiative.com/">Trend Micro</a>

Revision History

2023-11-14: Information published.
2023-11-16: Revised the Security Updates table to include PowerShell 7.2, PowerShell 7.3, and PowerShell 7.4 because these versions of PowerShell 7 are affected by this vulnerability. See https://github.com/PowerShell/Announcements/issues/54 for more information.
2023-11-17: Updated the build numbers. This is an informational update only.
2024-01-26: Updated one or more CVSS scores for the affected products and added an FAQ explaining the vector string settings. This is an informational change only.