Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2023 Greenbone AGOPENVAS:1361412562310832280
HistorySep 14, 2023 - 12:00 a.m.

Microsoft Visual Studio Multiple Vulnerabilities-01 (Sep 2023)

2023-09-1400:00:00
Copyright (C) 2023 Greenbone AG
plugins.openvas.org
microsoft
visual studio
security update
remote code execution
privilege elevation
denial of service
vulnerabilities
update
host

7.2 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

52.8%

JSON

This host is missing an important security
update according to Microsoft Security Update September-2023.

# SPDX-FileCopyrightText: 2023 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.832280");
  script_version("2024-02-19T05:05:57+0000");
  script_cve_id("CVE-2023-36758", "CVE-2023-36759", "CVE-2023-36792", "CVE-2023-36793",
                "CVE-2023-36794", "CVE-2023-36796", "CVE-2023-36799");
  script_tag(name:"cvss_base", value:"10.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_tag(name:"last_modification", value:"2024-02-19 05:05:57 +0000 (Mon, 19 Feb 2024)");
  script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2023-09-15 14:14:00 +0000 (Fri, 15 Sep 2023)");
  script_tag(name:"creation_date", value:"2023-09-14 11:44:15 +0530 (Thu, 14 Sep 2023)");
  script_name("Microsoft Visual Studio Multiple Vulnerabilities-01 (Sep 2023)");

  script_tag(name:"summary", value:"This host is missing an important security
  update according to Microsoft Security Update September-2023.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present
  on the target host.");

  script_tag(name:"insight", value:"Multiple flaws exist due to multiple remote
  code execution, elevation of privilege and denial of service vulnerabilities in
  Microsoft Visual Studio.");

  script_tag(name:"impact", value:"Successful exploitation will allow an attacker
  to cause denial of service, elevate privileges and execute arbitrary code
  on an affected system.");

  script_tag(name:"affected", value:"Microsoft Visual Studio 2022 version 17.7 prior to 17.7.4.");

  script_tag(name:"solution", value:"The vendor has released updates. Please see
  the references for more information.");

  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"qod_type", value:"executable_version");
  script_xref(name:"URL", value:"https://docs.microsoft.com/en-us/visualstudio/releases/2022/release-notes-v17.7");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2023 Greenbone AG");
  script_family("Windows : Microsoft Bulletins");
  script_dependencies("secpod_ms_visual_prdts_detect.nasl");
  script_mandatory_keys("Microsoft/VisualStudio/Ver");
  script_require_ports(139, 445);
  exit(0);
}

include("smb_nt.inc");
include("secpod_reg.inc");
include("version_func.inc");
include("secpod_smb_func.inc");

vsVer = get_kb_item("Microsoft/VisualStudio/Ver");
if(!vsVer || vsVer !~ "^17\."){
  exit(0);
}

os_arch = get_kb_item("SMB/Windows/Arch");
if(!os_arch){
  exit(0);
}

if("x86" >< os_arch){
  key_list = make_list("SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\");
}

else if("x64" >< os_arch){
  key_list = make_list("SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\",
                       "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\");
}


foreach key (key_list)
{
  foreach item (registry_enum_keys(key:key))
  {
    vsname = registry_get_sz(key:key + item, item:"DisplayName");
    if(vsname =~ "^Visual Studio.*2022$")
    {
      install = registry_get_sz(key:key + item, item:"InstallLocation");
      if(install)
        vsversion = fetch_file_version(sysPath:install, file_name:"Common7\IDE\devenv.exe");
      if(!vsversion)
        vsversion = registry_get_sz(key:key + item, item:"DisplayVersion");

      if(!vsversion)
        continue;

      if (version_in_range(version:vsversion, test_version:"17.7", test_version2:"17.7.34031.278")) {
        report = report_fixed_ver(installed_version:vsversion, fixed_version:"Visual Studio 2022 version 17.7.4");
        security_message(port:0, data:report);
        exit(0);
      }
    }
  }
}

exit(99);

Related

nessus 36
openvas 11
mskb 24
osv 28
github 5
kaspersky 1
talosblog 1
prion 7
mscve 7
cve 7
cvelist 7
redhatcve 5
alpinelinux 5
veracode 5
ubuntucve 5
almalinux 8
redhat 10
oraclelinux 8
rocky 3
ubuntu 2
qualysblog 1
rapid7blog 1
ics 1
ibm 1
nessus
nessus
Security Updates for Microsoft Visual Studio Products (September 2023)
2023-09-12 00:00:00
Security Update for .NET Core SDK (September 2023)
2023-09-14 00:00:00
Amazon Linux 2023 : aspnetcore-runtime-6.0, aspnetcore-targeting-pack-6.0, dotnet (ALAS2023-2023-369)
2023-10-03 00:00:00
openvas
openvas
Microsoft Visual Studio Multiple Vulnerabilities-02 (Sep 2023)
2023-09-14 00:00:00
Microsoft Visual Studio Multiple Vulnerabilities-03 (Sep 2023)
2023-09-14 00:00:00
Microsoft Visual Studio Multiple Vulnerabilities-04 (Sep 2023)
2023-09-14 00:00:00
mskb
mskb
.NET 7.0 Update - October 24, 2023 (KB5032875)
2023-09-12 07:00:00
.NET 6.0 Update - October 24, 2023 (KB5032874)
2023-09-12 07:00:00
Description of the security update for the remote code execution vulnerability in Microsoft Visual Studio 2013 Update 5: October 10, 2023 (KB5029365)
2023-09-12 07:00:00
osv
osv
Microsoft Security Advisory CVE-2023-36792: .NET Remote Code Execution Vulnerability
2023-09-12 20:51:36
Microsoft Security Advisory CVE-2023-36793: .NET Remote Code Execution Vulnerability
2023-09-12 20:15:59
Microsoft Security Advisory CVE-2023-36796: .NET Remote Code Execution Vulnerability
2023-09-12 20:05:18
github
github
Microsoft Security Advisory CVE-2023-36794: .NET Remote Code Execution Vulnerability
2023-09-12 20:26:05
Microsoft Security Advisory CVE-2023-36793: .NET Remote Code Execution Vulnerability
2023-09-12 20:15:59
Microsoft Security Advisory CVE-2023-36792: .NET Remote Code Execution Vulnerability
2023-09-12 20:51:36
kaspersky
kaspersky
KLA60561 Multiple vulnerabilities in Microsoft Developer Tools
2023-09-12 00:00:00
talosblog
talosblog
Microsoft Patch Tuesday for September 2023 — Unusually low 5 critical vulnerabilities included in Microsoft Patch Tuesday, along with two zero-days
2023-09-12 20:51:07
prion
prion
Privilege escalation
2023-09-12 17:15:00
Privilege escalation
2023-09-12 17:15:00
Remote code execution
2023-09-12 17:15:00
mscve
mscve
Visual Studio Elevation of Privilege Vulnerability
2023-09-12 07:00:00
Visual Studio Elevation of Privilege Vulnerability
2023-09-12 07:00:00
Visual Studio Remote Code Execution Vulnerability
2023-09-12 07:00:00
cve
cve
CVE-2023-36759
2023-09-12 17:15:11
CVE-2023-36758
2023-09-12 17:15:11
CVE-2023-36796
2023-09-12 17:15:15
cvelist
cvelist
CVE-2023-36758 Visual Studio Elevation of Privilege Vulnerability
2023-09-12 16:58:30
CVE-2023-36759 Visual Studio Elevation of Privilege Vulnerability
2023-09-12 16:58:29
CVE-2023-36794 Visual Studio Remote Code Execution Vulnerability
2023-09-12 16:58:39
redhatcve
redhatcve
CVE-2023-36793
2023-09-13 09:49:57
CVE-2023-36794
2023-09-13 09:49:54
CVE-2023-36792
2023-09-13 09:55:22
alpinelinux
alpinelinux
CVE-2023-36793
2023-09-12 17:15:14
CVE-2023-36792
2023-09-12 17:15:14
CVE-2023-36794
2023-09-12 17:15:14
veracode
veracode
Remote Code Execution (RCE)
2023-10-02 19:25:39
Remote Code Execution
2023-09-14 10:47:31
Remote Code Execution
2023-09-15 07:07:32
ubuntucve
ubuntucve
CVE-2023-36796
2023-09-12 00:00:00
CVE-2023-36794
2023-09-12 00:00:00
CVE-2023-36793
2023-09-12 00:00:00
almalinux
almalinux
Moderate: .NET 6.0 security update
2023-09-13 00:00:00
Moderate: .NET 7.0 security update
2023-09-13 00:00:00
Moderate: .NET 6.0 security update
2023-11-01 00:00:00
redhat
redhat
(RHSA-2023:6242) Moderate: .NET 6.0 security update
2023-11-01 13:55:23
(RHSA-2023:5142) Moderate: .NET 6.0 security and bug fix update
2023-09-13 09:19:20
(RHSA-2023:6249) Moderate: .NET 6.0 security, bug fix, and enhancement update
2023-11-01 14:32:03
oraclelinux
oraclelinux
.NET 7.0 security update
2023-09-14 00:00:00
.NET 7.0 security update
2023-11-02 00:00:00
.NET 6.0 security update
2023-11-02 00:00:00
rocky
rocky
.NET 6.0 security update
2023-11-11 22:59:08
.NET 6.0 security update
2023-11-11 23:00:10
.NET 6.0 security update
2023-09-19 12:09:00
ubuntu
ubuntu
.Net regressions
2023-10-25 00:00:00
.Net regressions
2023-10-25 00:00:00
qualysblog
qualysblog
Microsoft and Adobe Patch Tuesday, September 2023 Security Update Review
2023-09-12 19:20:31
rapid7blog
rapid7blog
Patch Tuesday - September 2023
2023-09-12 22:55:55
ics
ics
Siemens Telecontrol Server Basic
2024-04-11 12:00:00
ibm
ibm
Security Bulletin: Multiple security vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak.
2023-10-17 19:19:27

7.2 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

52.8%

JSON
Related for OPENVAS:1361412562310832280
nessus36openvas11mskb24osv28github5kaspersky1talosblog1prion7mscve7cve7cvelist7redhatcve5alpinelinux5veracode5ubuntucve5almalinux8redhat10oraclelinux8rocky3ubuntu2qualysblog1rapid7blog1ics1ibm1