Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2023-36038
CVE-2023-36038:
Visual Studio 2022 vulnerability analysis and mitigation
Overview
ASP.NET Core Denial of Service Vulnerability (CVE-2023-36038) was identified and disclosed on June 20, 2023. This vulnerability affects multiple Microsoft products including ASP.NET Core and various versions of Visual Studio 2022, as well as .NET versions up to 8.0.0 (NVD).
Technical details
The vulnerability has been assigned a CVSS v3.1 base score of 7.5 (HIGH) by NIST with a vector string of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, while Microsoft Corporation assessed it at 8.2 (HIGH) with a vector string of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H. The vulnerability is classified under CWE-400 (Uncontrolled Resource Consumption) (NVD).
Impact
The vulnerability primarily affects the availability of the system, with potential for denial of service attacks. According to the CVSS metrics, while there is no impact on confidentiality, there is a potential for low impact on integrity and high impact on availability (NVD).
Mitigation and workarounds
Microsoft has released patches for the affected products. The fix is available for various versions of Visual Studio 2022 (17.2, 17.4, 17.6, and 17.7) and ASP.NET Core 8.0.0 (Microsoft Advisory).
Additional resources
Source: This report was generated using AI
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management