CVE-2023-33127

.NET and Visual Studio Elevation of Privilege Vulnerability

CVSS 8.1 HIGHEPSS 2.0%CWE-1220

In short

A flaw in .NET and Visual Studio allows a local user to gain higher privileges on the system. An attacker who can run code on your computer could use this vulnerability to take control of it with administrator rights.

Technical detail

This elevation of privilege vulnerability in .NET and Visual Studio (CWE-1220) allows a local attacker to escalate privileges from a lower-privileged context to a higher-privileged one. The attack requires local code execution capability; exploitation results in unauthorized administrative access to the affected system.

Summary generated and translated by AI from the official description.

.NET and Visual Studio Elevation of Privilege Vulnerability

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

Affected products

Microsoft · Microsoft Visual Studio 2022 version 17.0 Microsoft · Microsoft Visual Studio 2022 version 17.2 Microsoft · Microsoft Visual Studio 2022 version 17.4 Microsoft · Microsoft Visual Studio 2022 version 17.6 Microsoft · .NET 6.0 Microsoft · .NET 7.0 Microsoft · PowerShell 7.2 Microsoft · PowerShell 7.3

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33127