CVE-2022-21911
Published: 11 January 2022
Summary
CVE-2022-21911 is a high-severity an unspecified weakness vulnerability in Microsoft .Net Framework. Its CVSS base score is 7.5 (High).
Operationally, ranked in the top 4.3% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
Deeper analysis
The vulnerability CVE-2022-21911 is a denial of service issue in the .NET Framework, assigned a CVSS 3.1 score of 7.5 under the vector AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. No CWE category is specified beyond the NVD placeholder entry.
An unauthenticated attacker with network access can trigger the flaw to produce a high-impact availability condition on affected .NET Framework installations, with no user interaction required.
Microsoft Security Response Center advisories at the listed references address the issue and provide guidance for affected customers. The EPSS score reached a peak of 0.2080 with no subsequent decline reported.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-27067
Vulnerability details
.NET Framework Denial of Service Vulnerability
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.