.NET Framework Spoofing Vulnerability
CVE-2023-36873

7.4HIGH

Key Information:

Vendor: Microsoft
Status: Microsoft .net Framework 4.8; Microsoft .net Framework 3.5 And 4.8; Microsoft .net Framework 3.5 And 4.7.2; Microsoft .net Framework 3.5 And 4.6.2/4.7/4.7.1/4.7.2
Vendor: CVE Published:; 8 August 2023

Summary

The .NET Framework is impacted by a spoofing vulnerability that could allow an attacker to impersonate a user or a service. By exploiting this vulnerability, an attacker may leverage malicious code to potentially mislead users and gain unauthorized access to sensitive information. It is crucial for organizations using affected versions of the .NET Framework to apply the necessary patches and updates to enhance their security posture.

Affected Version(s)

Microsoft .NET Framework 3.5 and 4.6.2 Windows 10 for 32-bit Systems 4.7.0 < 10.0.10240.20107

Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 Windows 10 Version 1607 for 32-bit Systems 3.0.0.0 < 10.0.14393.6167

Microsoft .NET Framework 3.5 AND 4.7.2 Windows 10 Version 1809 for 32-bit Systems 4.7.0 < 3.5.04057.05

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

7.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 8, 2023
Vulnerability Reserved
Jun 27, 2023