Vulnerability-Lookup

CVE-2023-36758 (GCVE-0-2023-36758)

Vulnerability from cvelistv5 – Published: 2023-09-12 16:58 – Updated: 2025-10-30 18:17

Title

Visual Studio Elevation of Privilege Vulnerability

Summary

Visual Studio Elevation of Privilege Vulnerability

Severity ?

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

CWE

CWE-59 - Improper Link Resolution Before File Access ('Link Following')

Assigner

microsoft

References

URL

	Vendor	Product	Version
	Microsoft	Microsoft Visual Studio 2022 version 17.7	Affected: 17.7.0 , < 17.7.4 (custom)

CERTFR-2023-AVI-0743

Vulnerability from certfr_avis - Published: 2023-09-13 - Updated: 2023-09-13

De multiples vulnérabilités ont été corrigées dans les produits Microsoft. Elles permettent à un attaquant de provoquer un déni de service, un contournement de la fonctionnalité de sécurité, une usurpation d'identité, une exécution de code arbitraire à distance, une atteinte à la confidentialité des données et une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	N/A	Microsoft Exchange Server 2019 Cumulative Update 13
Microsoft	N/A	Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)
Microsoft	N/A	Microsoft SharePoint Enterprise Server 2016
Microsoft	N/A	Microsoft Visual Studio 2022 version 17.2
Microsoft	N/A	Microsoft Visual Studio 2022 version 17.7
Microsoft	N/A	Microsoft Identity Linux Broker
Microsoft	N/A	3D Viewer
Microsoft	N/A	Dynamics 365 pour Finance and Operations
Microsoft	N/A	Microsoft Visual Studio 2022 version 17.6
Microsoft	N/A	Microsoft Exchange Server 2016 Cumulative Update 23
Microsoft	N/A	Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)
Microsoft	N/A	Visual Studio Code
Microsoft	N/A	Microsoft Dynamics 365 (on-premises) version 9.1
Microsoft	N/A	Microsoft Visual Studio 2022 version 17.4
Microsoft	N/A	Microsoft SharePoint Server Subscription Edition
Microsoft	N/A	Microsoft Defender Security Intelligence Updates
Microsoft	N/A	Microsoft Dynamics 365 (on-premises) version 9.0
Microsoft	N/A	Microsoft Exchange Server 2019 Cumulative Update 12
Microsoft	N/A	3D Builder
Microsoft	N/A	Microsoft SharePoint Server 2019

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft du 12 septembre 2023	None	vendor-advisory
Bulletin de sécurité Microsoft CVE-2023-36773 du 12 septembre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36762 du 12 septembre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-38163 du 12 septembre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36760 du 12 septembre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36764 du 12 septembre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36770 du 12 septembre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36757 du 12 septembre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36744 du 12 septembre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36771 du 12 septembre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36796 du 12 septembre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36777 du 12 septembre 2023	-	other
Bulletin de sécurité Microsoft CVE-2022-41303 du 12 septembre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36759 du 12 septembre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36799 du 12 septembre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36739 du 12 septembre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36793 du 12 septembre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36758 du 12 septembre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36772 du 12 septembre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-39956 du 12 septembre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36756 du 12 septembre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36736 du 12 septembre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36794 du 12 septembre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36886 du 12 septembre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36792 du 12 septembre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36742 du 12 septembre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36740 du 12 septembre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-38164 du 12 septembre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36800 du 12 septembre 2023	-	other
Bulletin de sécurité Microsoft CVE-2023-36745 du 12 septembre 2023	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Exchange Server 2019 Cumulative Update 13",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft SharePoint Enterprise Server 2016",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2022 version 17.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2022 version 17.7",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Identity Linux Broker",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "3D Viewer",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Dynamics 365 pour Finance and Operations",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2022 version 17.6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Exchange Server 2016 Cumulative Update 23",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Visual Studio Code",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Dynamics 365 (on-premises) version 9.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2022 version 17.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft SharePoint Server Subscription Edition",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Defender Security Intelligence Updates",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Dynamics 365 (on-premises) version 9.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Exchange Server 2019 Cumulative Update 12",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "3D Builder",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft SharePoint Server 2019",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-36800",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36800"
    },
    {
      "name": "CVE-2023-36794",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36794"
    },
    {
      "name": "CVE-2023-36777",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36777"
    },
    {
      "name": "CVE-2023-36770",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36770"
    },
    {
      "name": "CVE-2023-36739",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36739"
    },
    {
      "name": "CVE-2023-36792",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36792"
    },
    {
      "name": "CVE-2023-36772",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36772"
    },
    {
      "name": "CVE-2023-36758",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36758"
    },
    {
      "name": "CVE-2023-38163",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38163"
    },
    {
      "name": "CVE-2023-36745",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36745"
    },
    {
      "name": "CVE-2023-36760",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36760"
    },
    {
      "name": "CVE-2023-36759",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36759"
    },
    {
      "name": "CVE-2023-36757",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36757"
    },
    {
      "name": "CVE-2023-36744",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36744"
    },
    {
      "name": "CVE-2023-39956",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-39956"
    },
    {
      "name": "CVE-2023-36771",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36771"
    },
    {
      "name": "CVE-2023-36756",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36756"
    },
    {
      "name": "CVE-2023-38164",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38164"
    },
    {
      "name": "CVE-2023-36762",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36762"
    },
    {
      "name": "CVE-2023-36742",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36742"
    },
    {
      "name": "CVE-2022-41303",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41303"
    },
    {
      "name": "CVE-2023-36773",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36773"
    },
    {
      "name": "CVE-2023-36764",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36764"
    },
    {
      "name": "CVE-2023-36740",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36740"
    },
    {
      "name": "CVE-2023-36886",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36886"
    },
    {
      "name": "CVE-2023-36799",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36799"
    },
    {
      "name": "CVE-2023-36796",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36796"
    },
    {
      "name": "CVE-2023-36736",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36736"
    },
    {
      "name": "CVE-2023-36793",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36793"
    }
  ],
  "initial_release_date": "2023-09-13T00:00:00",
  "last_revision_date": "2023-09-13T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36773 du 12 septembre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36773"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36762 du 12 septembre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36762"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-38163 du 12 septembre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38163"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36760 du 12 septembre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36760"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36764 du 12 septembre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36764"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36770 du 12 septembre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36770"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36757 du 12 septembre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36757"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36744 du 12 septembre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36744"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36771 du 12 septembre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36771"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36796 du 12 septembre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36796"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36777 du 12 septembre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36777"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41303 du 12 septembre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41303"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36759 du 12 septembre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36759"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36799 du 12 septembre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36799"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36739 du 12 septembre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36739"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36793 du 12 septembre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36793"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36758 du 12 septembre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36758"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36772 du 12 septembre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36772"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-39956 du 12 septembre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-39956"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36756 du 12 septembre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36756"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36736 du 12 septembre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36736"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36794 du 12 septembre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36794"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36886 du 12 septembre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36886"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36792 du 12 septembre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36792"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36742 du 12 septembre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36742"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36740 du 12 septembre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36740"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-38164 du 12 septembre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38164"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36800 du 12 septembre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36800"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36745 du 12 septembre 2023",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36745"
    }
  ],
  "reference": "CERTFR-2023-AVI-0743",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-09-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Usurpation d\u0027identit\u00e9"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Contournement de la fonctionnalit\u00e9 de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Microsoft\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer un d\u00e9ni de service, un contournement de la\nfonctionnalit\u00e9 de s\u00e9curit\u00e9, une usurpation d\u0027identit\u00e9, une ex\u00e9cution de\ncode arbitraire \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des\ndonn\u00e9es et une \u00e9l\u00e9vation de privil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Microsoft",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 12 septembre 2023",
      "url": "https://msrc.microsoft.com/update-guide/"
    }
  ]
}

FKIE_CVE-2023-36758

Vulnerability from fkie_nvd - Published: 2023-09-12 17:15 - Updated: 2024-11-21 08:10

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

Visual Studio Elevation of Privilege Vulnerability

References

	URL	Tags
	secure@microsoft.com	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36758	Patch, Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36758	Patch, Vendor Advisory

Impacted products

	Vendor	Product	Version
	microsoft	visual_studio_2022	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCE6E2FF-C2E9-4273-9717-D1DC902C2D27",
              "versionEndIncluding": "17.7.4",
              "versionStartIncluding": "17.7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Visual Studio Elevation of Privilege Vulnerability"
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de Elevaci\u00f3n de Privilegios en Visual Studio"
    }
  ],
  "id": "CVE-2023-36758",
  "lastModified": "2024-11-21T08:10:32.170",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "secure@microsoft.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-09-12T17:15:11.267",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36758"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36758"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-59"
        }
      ],
      "source": "secure@microsoft.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2023-36758

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Visual Studio Elevation of Privilege Vulnerability

Aliases

CVE-2023-36758

Aliases

CVE-2023-36758

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2023-36758",
    "id": "GSD-2023-36758"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-36758"
      ],
      "details": "Visual Studio Elevation of Privilege Vulnerability",
      "id": "GSD-2023-36758",
      "modified": "2023-12-13T01:20:34.637054Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@microsoft.com",
        "ID": "CVE-2023-36758",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Microsoft Visual Studio 2022 version 17.7",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "17.7.0",
                          "version_value": "17.7.4"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Microsoft"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Visual Studio Elevation of Privilege Vulnerability"
          }
        ]
      },
      "impact": {
        "cvss": [
          {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Elevation of Privilege"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36758",
            "refsource": "MISC",
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36758"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "17.7.4",
                "versionStartIncluding": "17.7",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2023-36758"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Visual Studio Elevation of Privilege Vulnerability"
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36758",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36758"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2023-09-15T14:14Z",
      "publishedDate": "2023-09-12T17:15Z"
    }
  }
}

GHSA-RFMM-9CG4-C4CW

Vulnerability from github – Published: 2023-09-12 18:30 – Updated: 2024-04-04 07:37

Details

Visual Studio Elevation of Privilege Vulnerability

Severity ?

7.8 (High)


                  
                    CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2023-36758"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-09-12T17:15:11Z",
    "severity": "CRITICAL"
  },
  "details": "Visual Studio Elevation of Privilege Vulnerability",
  "id": "GHSA-rfmm-9cg4-c4cw",
  "modified": "2024-04-04T07:37:29Z",
  "published": "2023-09-12T18:30:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-36758"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36758"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

CVE-2023-36758

Vulnerability from fstec - Published: 12.09.2023

Title

Уязвимость средства разработки программного обеспечения Microsoft Visual Studio, связанная с недостатками разграничения доступа, позволяющая нарушителю повысить свои привилегии

Description

Уязвимость средства разработки программного обеспечения Microsoft Visual Studio связана с недостатками разграничения доступа. Эксплуатация уязвимости может позволить нарушителю повысить свои привилегии

Severity ?


                    
                      AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Vendor

Microsoft Corp

Software Name

Microsoft Visual Studio 2022

Software Version

17.7 (Microsoft Visual Studio 2022)

Possible Mitigations

Использование рекомендаций: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36758

Reference

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36758

CWE

CWE-264

JSON

To clipboard

{
  "CVSS 2.0": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
  "CVSS 3.0": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Microsoft Corp",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "17.7 (Microsoft Visual Studio 2022)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36758",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "12.09.2023",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "13.09.2023",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "13.09.2023",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2023-05540",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2023-36758",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Microsoft Visual Studio 2022",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430 \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u043a\u0438 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Microsoft Visual Studio, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u0430\u043c\u0438 \u0440\u0430\u0437\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u0432\u044b\u0441\u0438\u0442\u044c \u0441\u0432\u043e\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0420\u0430\u0437\u0440\u0435\u0448\u0435\u043d\u0438\u044f, \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438 \u0438 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u043e\u043c (CWE-264)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430 \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u043a\u0438 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Microsoft Visual Studio \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u0430\u043c\u0438 \u0440\u0430\u0437\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u0432\u044b\u0441\u0438\u0442\u044c \u0441\u0432\u043e\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041d\u0430\u0440\u0443\u0448\u0435\u043d\u0438\u0435 \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u0438",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36758",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-264",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,8)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,8)"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2023-36758 (GCVE-0-2023-36758)

CERTFR-2023-AVI-0743

Solution

FKIE_CVE-2023-36758

GSD-2023-36758

GHSA-RFMM-9CG4-C4CW

CVE-2023-36758

Tags

Sightings

Nomenclature