CVE-2023-28260

CWE-4918 documents7 sources
Severity
7.8HIGH
EPSS
1.4%
top 19.29%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
10
Microsoft .net 6.0Microsoft .net 7.0Microsoft Microsoft Visual Studio 2022 Version 17.0+7 more
Timeline
PublishedApr 11

Description

.NET DLL Hijacking Remote Code Execution Vulnerability

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages15 packages

NVDmicrosoft/.net6.0.06.0.16+1
CVEListV5microsoft/.net_6.06.0.06.0.16
CVEListV5microsoft/.net_7.07.0.07.0.5
CVEListV5microsoft/powershell_7.27.2.07.2.11
CVEListV5microsoft/powershell_7.37.3.07.3.4

Patches

Patch: msrc.microsoft.comPatch: msrc.microsoft.com

🔴Vulnerability Details

4
OSV
CVE-2023-282602023-04-11
OSV
.NET Remote Code Execution vulnerability2023-04-11
GHSA
.NET Remote Code Execution vulnerability2023-04-11
CVEList
.NET DLL Hijacking Remote Code Execution Vulnerability2023-04-11

📋Vendor Advisories

3
Microsoft
.NET DLL Hijacking Remote Code Execution Vulnerability2023-04-11
Ubuntu
.NET vulnerability2023-04-11
Red Hat
dotnet: CWD dll hijack vulnerability2023-04-11
CVE-2023-28260 (HIGH CVSS 7.8) | .NET DLL Hijacking Remote Code Exec | cvebase.io