8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
45.7%
A vulnerability was found in dotNET applications where account lockout maximum failed attempts may not be immediately updated, allowing an attacker to try more passwords and bypass security restrictions. This flaw allows a remote attacker to bypass security features, causing an impact on confidentiality, integrity, and availability.
bugzilla.redhat.com/show_bug.cgi?id=2221854
devblogs.microsoft.com/dotnet/july-2023-updates/
github.com/advisories/GHSA-25c8-p796-jg6r
github.com/dotnet/announcements/issues/264
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33170
nvd.nist.gov/vuln/detail/CVE-2023-33170
www.cve.org/CVERecord?id=CVE-2023-33170