CVE-2024-43498

CVE

High

.NET and Visual Studio Remote Code Execution Vulnerability

CVSS

8.8

High

EPSS

0.04

p87

Published

2024-01-01

Updated

2024-01-01

Description

.NET and Visual Studio Remote Code Execution Vulnerability

Tags · CWE

Pre-auth

CWE-704

CWE-843

Affected products

Visual_studio_2022 17.6–17.6.21Visual_studio_2022 17.8–17.8.16Visual_studio_2022 17.10.0–17.10.9Visual_studio_2022 17.11.0–17.11.6

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Timeline

2024-01-01

Published

2024-01-01

Updated

CVSS 3.1 breakdown

Attack Vector

AV: N

Network (N)

Attack Complexity

AC: L

Low (L)

Privileges Required

PR: N

None (N)

User Interaction

UI: R

Required (R)

Scope

S: U

Unchanged (U)

Confidentiality Impact

C: H

High (H)

Integrity Impact

I: H

High (H)

Availability Impact

A: H

High (H)

Exploit indicators

EPSS

0.035 · p87

Known exploited (KEV)

Known exploits — Сканер-ВС

No Сканер-ВС checks registered for this vulnerability yet.

Affected products

Canonical

Dotnet6 Dotnet7 Dotnet8 Dotnet9

Microsoft

Windows .net Visual Studio 2022

Product	Vendor	Status
dotnet6		Tracked
dotnet7		Tracked
dotnet8		Tracked
dotnet8		Tracked
dotnet8		Tracked
dotnet9		Tracked
dotnet9.0		Tracked
.net	*	Tracked
visual_studio_2022	*	Tracked

Source databases

CVE

RED

UBU

Related vulnerabilities

BDU:2024-11130