CVE-2024-20656

MSR

HighConfirmedExploit available

Visual Studio Elevation of Privilege Vulnerability

CVSS

7.8

High

EPSS

0.04

p88

Published

2024-01-01

Updated

2024-01-01

Description

Visual Studio Elevation of Privilege Vulnerability

Tags · CWE

CWE-59

CAPEC-17

CAPEC-35

CAPEC-76

CAPEC-132

Affected products

Visual_studioVisual_studio_2017 15.0–15.9.59Visual_studio_2019 16.0–16.11.33Visual_studio_2022 17.2–17.2.23Visual_studio_2022 17.4–17.4.15Visual_studio_2022 17.6–17.6.11

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Timeline

2024-01-01

Published

2024-01-01

Updated

CVSS 3.1 breakdown

Attack Vector

AV: L

Local (L)

Attack Complexity

AC: L

Low (L)

Privileges Required

PR: L

Low (L)

User Interaction

UI: N

None (N)

Scope

S: U

Unchanged (U)

Confidentiality Impact

C: H

High (H)

Integrity Impact

I: H

High (H)

Availability Impact

A: H

High (H)

Exploit indicators

EPSS

0.039 · p88

Known exploited (KEV)

MITRE ATT&CK

Inferred via CAPEC

T1027.006HTML Smuggling

└ via CAPEC-35 · CWE-59

T1027.009Embedded Payloads

└ via CAPEC-35 · CWE-59

T1547.009Shortcut Modification

└ via CAPEC-132 · CWE-59

T1564.009Resource Forking

└ via CAPEC-35 · CWE-59

T1574.005Executable Installer File Permissions Weakness

└ via CAPEC-17 · CWE-59

T1574.010Services File Permissions Weakness

└ via CAPEC-17 · CWE-59

Known exploits — Сканер-ВС

CVE-2024-20656

github-poc · https://github.com/Wh04m1001/CVE-2024-20656

Enterprise

Affected products

Microsoft

Windows Visual Studio 2022 Visual Studio 2019 Visual Studio 2017 Visual Studio

Product	Vendor	Status
visual_studio	*	Tracked
visual_studio_2017	*	Tracked
visual_studio_2019	*	Tracked
visual_studio_2022	*	Tracked
Windows	Microsoft	Tracked
Windows	Microsoft	Tracked
Windows	Microsoft	Tracked

Source databases

MSR

CVE

Related vulnerabilities

BDU:2024-00338