CVE-2024-43498 - OpenCVE

.NET and Visual Studio Remote Code Execution Vulnerability

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact total

Vendors	Products
Microsoft	.net Visual Studio

No data.

No data.

References

Link	Providers
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43498
https://nvd.nist.gov/vuln/detail/CVE-2024-43498
https://www.cve.org/CVERecord?id=CVE-2024-43498

History

Wed, 13 Nov 2024 20:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Wed, 13 Nov 2024 13:45:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-704
References		https://nvd.nist.gov/vuln/detail/CVE-2024-43498 https://www.cve.org/CVERecord?id=CVE-2024-43498
Metrics	threat_severity `None`	threat_severity `Important`

Tue, 12 Nov 2024 18:00:00 +0000

Type	Values Removed	Values Added
Description		.NET and Visual Studio Remote Code Execution Vulnerability
Title		.NET and Visual Studio Remote Code Execution Vulnerability
First Time appeared		Microsoft Microsoft .net Microsoft visual Studio
Weaknesses		CWE-843
CPEs		cpe:2.3:a:microsoft:.net:9.0.0:::::::* cpe:2.3:a:microsoft:visual_studio:2022:::::::*
Vendors & Products		Microsoft Microsoft .net Microsoft visual Studio
References		https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43498
Metrics		cvssV3_1 `{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C'}`

MITRE

Status: PUBLISHED

Assigner: microsoft

Published: 2024-11-12T17:53:58.782Z

Updated: 2024-11-14T21:27:04.805Z

Reserved: 2024-08-14T01:08:33.521Z

Link: CVE-2024-43498

Vulnrichment

Updated: 2024-11-13T20:11:55.335Z

NVD

Status : Awaiting Analysis

Published: 2024-11-12T18:15:24.110

Modified: 2024-11-13T17:01:58.603

Link: CVE-2024-43498

Redhat

Severity : Important

Publid Date: 2024-11-12T00:00:00Z

Links: CVE-2024-43498 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-43498", "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "state": "PUBLISHED", "assignerShortName": "microsoft", "dateReserved": "2024-08-14T01:08:33.521Z", "datePublished": "2024-11-12T17:53:58.782Z", "dateUpdated": "2024-11-14T21:27:04.805Z"}, "containers": {"cna": {"title": ".NET and Visual Studio Remote Code Execution Vulnerability", "datePublic": "2024-11-12T08:00:00+00:00", "affected": [{"vendor": "Microsoft", "product": "Microsoft Visual Studio 2022 version 17.8", "cpes": ["cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"], "platforms": ["Unknown"], "versions": [{"version": "17.8.0", "lessThan": "17.8.16", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft Visual Studio 2022 version 17.6", "cpes": ["cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"], "platforms": ["Unknown"], "versions": [{"version": "17.6.0", "lessThan": "17.6.21", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft Visual Studio 2022 version 17.10", "cpes": ["cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"], "platforms": ["Unknown"], "versions": [{"version": "17.10", "lessThan": "17.10.9", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft Visual Studio 2022 version 17.11", "cpes": ["cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"], "platforms": ["Unknown"], "versions": [{"version": "17.11", "lessThan": "17.11.6", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": ".NET 9.0", "cpes": ["cpe:2.3:a:microsoft:.net:9.0.0:*:*:*:*:*:*:*"], "platforms": ["Unknown"], "versions": [{"version": "9.0.0", "lessThan": "9.0.0", "versionType": "custom", "status": "affected"}]}], "descriptions": [{"value": ".NET and Visual Studio Remote Code Execution Vulnerability", "lang": "en-US"}], "problemTypes": [{"descriptions": [{"description": "CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')", "lang": "en-US", "type": "CWE", "cweId": "CWE-843"}]}], "providerMetadata": {"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft", "dateUpdated": "2024-11-14T21:27:04.805Z"}, "references": [{"name": ".NET and Visual Studio Remote Code Execution Vulnerability", "tags": ["vendor-advisory"], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43498"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "baseSeverity": "CRITICAL", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C"}}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-11-13T20:11:42.647690Z", "id": "CVE-2024-43498", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-13T20:11:59.384Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-43498", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-11-13T20:11:42.647690Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-13T20:11:55.335Z"}}], "cna": {"title": ".NET and Visual Studio Remote Code Execution Vulnerability", "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C"}, "scenarios": [{"lang": "en-US", "value": "GENERAL"}]}], "affected": [{"cpes": ["cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"], "vendor": "Microsoft", "product": "Microsoft Visual Studio 2022 version 17.8", "versions": [{"status": "affected", "version": "17.8.0", "lessThan": "17.8.16", "versionType": "custom"}], "platforms": ["Unknown"]}, {"cpes": ["cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"], "vendor": "Microsoft", "product": "Microsoft Visual Studio 2022 version 17.6", "versions": [{"status": "affected", "version": "17.6.0", "lessThan": "17.6.21", "versionType": "custom"}], "platforms": ["Unknown"]}, {"cpes": ["cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"], "vendor": "Microsoft", "product": "Microsoft Visual Studio 2022 version 17.10", "versions": [{"status": "affected", "version": "17.10", "lessThan": "17.10.9", "versionType": "custom"}], "platforms": ["Unknown"]}, {"cpes": ["cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"], "vendor": "Microsoft", "product": "Microsoft Visual Studio 2022 version 17.11", "versions": [{"status": "affected", "version": "17.11", "lessThan": "17.11.6", "versionType": "custom"}], "platforms": ["Unknown"]}, {"cpes": ["cpe:2.3:a:microsoft:.net:9.0.0:*:*:*:*:*:*:*"], "vendor": "Microsoft", "product": ".NET 9.0", "versions": [{"status": "affected", "version": "9.0.0", "lessThan": "9.0.0", "versionType": "custom"}], "platforms": ["Unknown"]}], "datePublic": "2024-11-12T08:00:00+00:00", "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43498", "name": ".NET and Visual Studio Remote Code Execution Vulnerability", "tags": ["vendor-advisory"]}], "descriptions": [{"lang": "en-US", "value": ".NET and Visual Studio Remote Code Execution Vulnerability"}], "problemTypes": [{"descriptions": [{"lang": "en-US", "type": "CWE", "cweId": "CWE-843", "description": "CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')"}]}], "providerMetadata": {"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft", "dateUpdated": "2024-11-14T21:27:04.805Z"}}}, "cveMetadata": {"cveId": "CVE-2024-43498", "state": "PUBLISHED", "dateUpdated": "2024-11-14T21:27:04.805Z", "dateReserved": "2024-08-14T01:08:33.521Z", "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "datePublished": "2024-11-12T17:53:58.782Z", "assignerShortName": "microsoft"}, "dataVersion": "5.1"}