Security Updates for Microsoft .NET Framework (November 2023)

critical Nessus Plugin ID 185887

Synopsis

The Microsoft .NET Framework installation on the remote host is missing a security update.

Description

The Microsoft .NET Framework installation on the remote host is missing a security update. It is, therefore, affected by multiple vulnerabilities, as follows:

- Security feature bypass in ASP.NET. An attacker can bypass the security checks that prevents an attacker from accessing internal applications in a website. (CVE-2023-36560)

- Privilege escalation vulnerability in FTP component of .NET Framework. An attacker can inject arbitrary commands to the FTP server. (CVE-2023-36049)

- Information disclosure vulnerability in .NET Framework. An attacker can obtain the ObjRef URI which could lead to remote code execution. (CVE-2024-29059

Solution

Microsoft has released security updates for Microsoft .NET Framework.

See Also

http://www.nessus.org/u?8ab9cfd4

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36049

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36560

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29059

https://support.microsoft.com/en-us/help/5031984

https://support.microsoft.com/en-us/help/5031987

https://support.microsoft.com/en-us/help/5031988

https://support.microsoft.com/en-us/help/5031989

https://support.microsoft.com/en-us/help/5031990

https://support.microsoft.com/en-us/help/5031991

https://support.microsoft.com/en-us/help/5031993

https://support.microsoft.com/en-us/help/5031995

https://support.microsoft.com/en-us/help/5031999

https://support.microsoft.com/en-us/help/5032000

https://support.microsoft.com/en-us/help/5032004

https://support.microsoft.com/en-us/help/5032005

https://support.microsoft.com/en-us/help/5032006

https://support.microsoft.com/en-us/help/5032007

https://support.microsoft.com/en-us/help/5032008

https://support.microsoft.com/en-us/help/5032009

https://support.microsoft.com/en-us/help/5032010

https://support.microsoft.com/en-us/help/5032011

https://support.microsoft.com/en-us/help/5032012

Plugin Details

Severity: Critical

ID: 185887

File Name: smb_nt_ms23_nov_dotnet.nasl

Version: 1.9

Type: local

Agent: windows

Published: 11/16/2023

Updated: 4/11/2024

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2023-36049

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:microsoft:.net_framework

Required KB Items: SMB/MS_Bulletin_Checks/Possible

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 11/14/2023

Vulnerability Publication Date: 11/14/2023

Reference Information

CVE: CVE-2023-36049, CVE-2023-36560, CVE-2024-29059

IAVA: 2023-A-0618-S, 2024-A-0178-S

MSFT: MS23-5031984, MS23-5031987, MS23-5031988, MS23-5031989, MS23-5031990, MS23-5031991, MS23-5031993, MS23-5031995, MS23-5031999, MS23-5032000, MS23-5032004, MS23-5032005, MS23-5032006, MS23-5032007, MS23-5032008, MS23-5032009, MS23-5032010, MS23-5032011, MS23-5032012

MSKB: 5031984, 5031987, 5031988, 5031989, 5031990, 5031991, 5031993, 5031995, 5031999, 5032000, 5032004, 5032005, 5032006, 5032007, 5032008, 5032009, 5032010, 5032011, 5032012