CVE-2023-21808

Published: Feb 14, 2023

Modified: Feb 28, 2025

PUBLISHED

CVSS v3.1

7.8

HIGH

.NET and Visual Studio Remote Code Execution Vulnerability

Vendor	Product	Versions
Microsoft	Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)	affected `16.11.0 - < 16.11.24`
Microsoft	Microsoft Visual Studio 2022 version 17.0	affected `17.0.0 - < 17.0.19`
Microsoft	Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)	affected `15.9.0 - < 15.9.52`
Microsoft	Microsoft Visual Studio 2022 version 17.4	affected `17.4.0 - < 17.4.5`
Microsoft	Microsoft Visual Studio 2022 version 17.2	affected `17.2.0 - < 17.2.13`
Microsoft	Microsoft Visual Studio 2015 Update 3	affected `14.0.0 - < 14.0.27555.0`
Microsoft	Microsoft Visual Studio 2013 Update 5	affected `12.0.0 - < 12.0.40700.0`
Microsoft	.NET 7.0	affected `7.0.0 - < 7.0.3`
Microsoft	.NET 6.0	affected `6.0.0 - < 6.0.14`
Microsoft	PowerShell 7.2	affected `7.2.0 - < 7.2.10`
Microsoft	Microsoft .NET Framework 3.5 AND 4.8	affected `4.8.0 - < 10.0.04614.06`
Microsoft	Microsoft .NET Framework 3.5 AND 4.7.2	affected `4.7.0 - < 10.0.04038.03`
Microsoft	Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2	affected `4.7.0 - < 4.7.04614.08`
Microsoft	Microsoft .NET Framework 4.8	affected `4.8.0 - < 4.8.04614.05`
Microsoft	Microsoft .NET Framework 3.5 AND 4.8.1	affected `4.8.1 - < 10.0.09139.02`
Microsoft	Microsoft .NET Framework 4.6.2	affected `4.7.0 - < 4.7.04038.06`
Microsoft	Microsoft .NET Framework 3.5 and 4.6.2	affected `4.7.0 - < 10.0.10240.19747`

CVSS v3.1 Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

vendor-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.