Cyber Resilience

CVE-2022-21911

High

Published: 11 January 2022

Published
11 January 2022
Modified
21 November 2024
KEV Added
Patch
CVSS Score v3.1 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score 0.2080 95.7th percentile
Risk Priority 27 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2022-21911 is a high-severity an unspecified weakness vulnerability in Microsoft .Net Framework. Its CVSS base score is 7.5 (High).

Operationally, ranked in the top 4.3% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

Deeper analysis

The vulnerability CVE-2022-21911 is a denial of service issue in the .NET Framework, assigned a CVSS 3.1 score of 7.5 under the vector AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. No CWE category is specified beyond the NVD placeholder entry.

An unauthenticated attacker with network access can trigger the flaw to produce a high-impact availability condition on affected .NET Framework installations, with no user interaction required.

Microsoft Security Response Center advisories at the listed references address the issue and provide guidance for affected customers. The EPSS score reached a peak of 0.2080 with no subsequent decline reported.

EU & UK References

Vulnerability details

.NET Framework Denial of Service Vulnerability

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

microsoft
.net framework
2.0, 3.5, 3.5.1, 4.5.2, 4.6

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References