fkie_cve-2023-36558
Vulnerability from fkie_nvd
Published
2023-11-14 22:15
Modified
2025-01-01 03:15
Severity ?
6.2 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
ASP.NET Core Security Feature Bypass Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36558 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36558 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | .net | * | |
| microsoft | .net | * | |
| microsoft | .net | 8.0.0 | |
| microsoft | .net | 8.0.0 | |
| microsoft | asp.net_core | * | |
| microsoft | asp.net_core | * | |
| microsoft | asp.net_core | 8.0.0 | |
| microsoft | visual_studio_2022 | * | |
| microsoft | visual_studio_2022 | * | |
| microsoft | visual_studio_2022 | * | |
| microsoft | visual_studio_2022 | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", matchCriteriaId: "BC1456FF-8BB7-4D7D-A03E-22A2CDE8A094", versionEndExcluding: "6.0.25", versionStartIncluding: "6.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", matchCriteriaId: "73A23066-A84B-4E76-B0ED-63BA1A9C1263", versionEndExcluding: "7.0.14", versionStartIncluding: "7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:8.0.0:rc1:*:*:*:*:*:*", matchCriteriaId: "5F3CB225-CDF6-4730-A20C-891AB87CBB9A", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:.net:8.0.0:rc2:*:*:*:*:*:*", matchCriteriaId: "6F9C3F37-0A3B-45D4-86B1-B42FDA8D8EA7", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:asp.net_core:*:*:*:*:*:*:*:*", matchCriteriaId: "C29B573F-A45D-440B-913F-27AB0A46BCA2", versionEndExcluding: "6.0.25", versionStartIncluding: "6.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:asp.net_core:*:*:*:*:*:*:*:*", matchCriteriaId: "E923109F-46CA-4581-933D-D65C83D72390", versionEndExcluding: "7.0.14", versionStartIncluding: "7.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:asp.net_core:8.0.0:-:*:*:*:*:*:*", matchCriteriaId: "81F3914E-4A24-4434-8487-31F45948BE86", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", matchCriteriaId: "9EABB880-0CBA-45CD-A197-CB1EE1710061", versionEndExcluding: "17.2.22", versionStartIncluding: "17.2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", matchCriteriaId: "BCC513DB-075E-4D09-B289-902F3C16BFB7", versionEndExcluding: "17.4.14", versionStartIncluding: "17.4", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", matchCriteriaId: "56738F2F-8802-4ADB-AC7C-9BAD67626C75", versionEndExcluding: "17.6.10", versionStartIncluding: "17.6", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", matchCriteriaId: "CD1B0CE9-6A87-47DC-A27B-9587A6B5B45D", versionEndExcluding: "17.7.7", versionStartIncluding: "17.7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "ASP.NET Core Security Feature Bypass Vulnerability", }, { lang: "es", value: "Vulnerabilidad de omisión de funciones de seguridad en ASP.NET Core", }, ], id: "CVE-2023-36558", lastModified: "2025-01-01T03:15:20.607", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 6.2, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.5, impactScore: 3.6, source: "secure@microsoft.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-11-14T22:15:29.323", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36558", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36558", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
Title of the comment
Description of the comment
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.