CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
9.5%
ASP.NET Core and Visual Studio Elevation of Privilege Vulnerability
Vendor | Product | Version | CPE |
---|---|---|---|
microsoft | asp.net_core | 3.1 | cpe:2.3:a:microsoft:asp.net_core:3.1:*:*:*:*:*:*:* |
microsoft | asp.net_core | 5.0 | cpe:2.3:a:microsoft:asp.net_core:5.0:*:*:*:*:*:*:* |
microsoft | asp.net_core | 6.0 | cpe:2.3:a:microsoft:asp.net_core:6.0:*:*:*:*:*:*:* |
microsoft | visual_studio_2019 | 16.7 | cpe:2.3:a:microsoft:visual_studio_2019:16.7:*:*:*:*:*:*:* |
microsoft | visual_studio_2019 | 16.9 | cpe:2.3:a:microsoft:visual_studio_2019:16.9:*:*:*:*:*:*:* |
microsoft | visual_studio_2019 | 16.11 | cpe:2.3:a:microsoft:visual_studio_2019:16.11:*:*:*:*:*:*:* |
microsoft | visual_studio_2022 | 17.0 | cpe:2.3:a:microsoft:visual_studio_2022:17.0:*:*:*:*:*:*:* |
[
{
"vendor": "Microsoft",
"product": "Microsoft Visual Studio 2019 version 16.7 (includes 16.0 – 16.6)",
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"versions": [
{
"version": "16.0.0",
"lessThan": "16.7.23",
"versionType": "custom",
"status": "affected"
}
]
},
{
"vendor": "Microsoft",
"product": "Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8)",
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2019:16.9:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"versions": [
{
"version": "15.0.0",
"lessThan": "16.9.15",
"versionType": "custom",
"status": "affected"
}
]
},
{
"vendor": "Microsoft",
"product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"versions": [
{
"version": "16.11.0",
"lessThan": "16.11.8",
"versionType": "custom",
"status": "affected"
}
]
},
{
"vendor": "Microsoft",
"product": "Microsoft Visual Studio 2022 version 17.0",
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2022:17.0:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"versions": [
{
"version": "17.0.0",
"lessThan": "17.0.3",
"versionType": "custom",
"status": "affected"
}
]
},
{
"vendor": "Microsoft",
"product": "ASP.NET Core 3.1",
"cpes": [
"cpe:2.3:a:microsoft:asp.net_core:3.1:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"versions": [
{
"version": "3.0",
"lessThan": "3.1.22",
"versionType": "custom",
"status": "affected"
}
]
},
{
"vendor": "Microsoft",
"product": "ASP.NET Core 5.0",
"cpes": [
"cpe:2.3:a:microsoft:asp.net_core:5.0:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"versions": [
{
"version": "5.0",
"lessThan": "5.0.13",
"versionType": "custom",
"status": "affected"
}
]
},
{
"vendor": "Microsoft",
"product": "ASP.NET Core 6.0",
"cpes": [
"cpe:2.3:a:microsoft:asp.net_core:6.0:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"versions": [
{
"version": "6.0",
"lessThan": "6.0.101",
"versionType": "custom",
"status": "affected"
}
]
},
{
"vendor": "Microsoft",
"product": "Microsoft Visual Studio 2022 version 17.1",
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2022:17.1:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"versions": [
{
"version": "17.0.0",
"lessThan": "17.1.4",
"versionType": "custom",
"status": "affected"
}
]
}
]
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
9.5%