CVE-2024-38081

CWE-598 documents6 sources

Severity

7.3HIGH

EPSS

0.8%

top 25.95%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft .net 6.0 Microsoft Microsoft .net Framework 2.0 Service Pack 2 Microsoft Microsoft .net Framework 3.0 Service Pack 2 +16 more

Timeline

PublishedJul 9

Latest updateMay 16

Description

.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:HExploitability: 1.3 | Impact: 5.9

Affected Packages20 packages

▶NVDmicrosoft/visual_studio_202217.4 — 17.4.21+2

▶CVEListV5microsoft/microsoft_visual_studio_2022_version_17.417.4.0 — 17.4.21

▶CVEListV5microsoft/microsoft_visual_studio_2022_version_17.617.6.0 — 17.6.17

▶CVEListV5microsoft/microsoft_visual_studio_2022_version_17.817.8.0 — 17.8.12

▶CVEListV5microsoft/microsoft_.net_framework_3.53.5.0 — 3.5.30729.8972

Patches

Patch: msrc.microsoft.com ↗Patch: msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

Microsoft Security Advisory CVE-2024-38081 | .NET Elevation of Privilege Vulnerability↗2024-07-09

▶

CVEList

.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability↗2024-07-09

▶

OSV

CVE-2024-38081↗2024-07-09

▶

OSV

Microsoft Security Advisory CVE-2024-38081 | .NET Elevation of Privilege Vulnerability↗2024-07-09

▶

📋Vendor Advisories

Red Hat

qt: Improper Link Resolution Before File Access in QFileSystemEngine on Windows↗2025-05-16

▶

Microsoft

.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability↗2024-07-09

▶

Red Hat

dotnet: Elevation of Privilege in VS Installer via NuGet config file↗2024-07-09

▶