ASP.NET Security Feature Bypass Vulnerability
CVE-2023-36560

8.8HIGH

Key Information:

Vendor: Microsoft
Status: Microsoft .net Framework 3.5 And 4.8.1; Microsoft .net Framework 4.8; Microsoft .net Framework 3.5 And 4.8; Microsoft .net Framework 3.5 And 4.7.2
Vendor: CVE Published:; 14 November 2023

Summary

A vulnerability in ASP.NET allows attackers to bypass security features, potentially leading to unauthorized access or data exposure. This flaw affects both ASP.NET Core and the traditional ASP.NET Framework. Organizations utilizing these frameworks should prioritize updating to the latest secure versions to mitigate risks associated with this vulnerability.

Affected Version(s)

Microsoft .NET Framework 2.0 Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 2.0.0 < 3.0.50727.8975

Microsoft .NET Framework 3.0 Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 3.0.0 < 3.0.50727.8975

Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 Windows 10 Version 1607 for 32-bit Systems 3.0.0.0 < 10.0.14393.6452

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 14, 2023
Vulnerability Reserved
Jun 23, 2023