CVE-2023-35390
Severity CVSS v4.0:
Pending analysis
Type:
CWE-77
Command Injection
Publication date:
08/08/2023
Last modified:
01/01/2025
Description
.NET and Visual Studio Remote Code Execution Vulnerability
Impact
Base Score 3.x
7.80
Severity 3.x
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:* | 6.0.0 (including) | 6.0.21 (excluding) |
| cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:* | 7.0.0 (including) | 7.0.10 (excluding) |
| cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:-:*:* | 17.2.0 (including) | 17.2.18 (excluding) |
| cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:-:*:* | 17.4.0 (including) | 17.4.10 (excluding) |
| cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:-:*:* | 17.6.0 (including) | 17.6.6 (excluding) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35390
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CL2L4WE5QRT7WEXANYXSKSU43APC5N2V/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NWVZFKTLNMNKPZ755EMRYIA6GHFOWGKY/
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35390