CVE-2024-0057

NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability

CVSS 9.1 CRITICALEPSS 2.8%CWE-20

Vexday Risk Score

28Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 9.1EPSS 2.8%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado

Lifecycle

09 Jan 2024Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C

Affected products

Microsoft · Microsoft .NET Framework 2.0 Service Pack 2 Microsoft · Microsoft .NET Framework 3.0 Service Pack 2 Microsoft · Microsoft .NET Framework 3.5 AND 4.7.2 Microsoft · Microsoft .NET Framework 3.5 AND 4.8 Microsoft · Microsoft .NET Framework 3.5 AND 4.8.1 Microsoft · Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 Microsoft · Microsoft .NET Framework 4.8 Microsoft · Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)Microsoft · Microsoft Visual Studio 2022 version 17.2 Microsoft · Microsoft Visual Studio 2022 version 17.4 Microsoft · Microsoft Visual Studio 2022 version 17.6 Microsoft · Microsoft Visual Studio 2022 version 17.8 Microsoft · .NET 6.0 Microsoft · .NET 7.0 Microsoft · .NET 8.0 Microsoft · NuGet 17.4.0 Microsoft · NUGET 17.6.0 Microsoft · NuGet 17.8.0 Microsoft · NuGet 5.11.0 Microsoft · PowerShell 7.2 Microsoft · PowerShell 7.3 Microsoft · PowerShell 7.4

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0057 https://security.netapp.com/advisory/ntap-20240208-0007/