CVE-2019-1142 — Path Traversal in Microsoft NET Framework 3.5

CWE-22 — Path Traversal4 documents4 sources

Severity

5.5MEDIUMNVD

EPSS

0.5%

top 35.69%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft NET Framework 3.5 Microsoft NET Framework 3.5 AND 4.7.2 ON Windows 10 Version 1809 FOR 32-bit Syst Microsoft NET Framework 3.5 AND 4.7.2 ON Windows 10 Version 1809 FOR X64-based S +23 more

Timeline

PublishedSep 11

Latest updateMay 24

Description

An elevation of privilege vulnerability exists when the .NET Framework common language runtime (CLR) allows file creation in arbitrary locations, aka '.NET Framework Elevation of Privilege Vulnerability'.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages26 packages

▶NVDmicrosoft/net_framework9 versions+8

▶CVEListV5microsoft/microsoft_net_framework_3.519 versions+18

▶CVEListV5microsoft/microsoft_net_framework_4.5.27 versions+6

▶CVEListV5microsoft/microsoft_net_framework_4.8_on_windows_rt_8.1unspecified

▶CVEListV5microsoft/microsoft_net_framework_4.8_on_windows_server_2012unspecified

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-c789-g3w9-xg6f: An elevation of privilege vulnerability exists when the↗2022-05-24

▶

CVEList

CVE-2019-1142: An elevation of privilege vulnerability exists when the↗2019-09-11

▶

📋Vendor Advisories

Microsoft

.NET Framework Elevation of Privilege Vulnerability↗2019-09-10

▶