CVE-2023-36758: Visual Studio Elevation of Privilege Vulnerability

Overview

Severity

High (CVSS 7.8)

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Category

Elevation of Privilege

Exploit Status

Not Exploited

Exploitation Likelihood

Less Likely

Patch Tuesday

2023-Sep

Released

2023-09-12

EPSS Score

0.15% (percentile: 36.3%)

FAQ

What privileges could be gained by an attacker who successfully exploited the vulnerability? A domain user could use this vulnerability to elevate privileges to SYSTEM assigned integrity level.

Affected Products (1)

Developer Tools

• Microsoft Visual Studio 2022 version 17.7

Security Updates (1)

• Release Notes

Acknowledgments

Siemens AG, Anonymous, Angel Palomo of ING

Revision History

• 2023-09-12: Information published.