Cyber Resilience

CVE-2023-32030

High

Published: 14 June 2023

Published
14 June 2023
Modified
21 November 2024
KEV Added
Patch
CVSS Score v3.1 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score 0.0497 89.9th percentile
Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2023-32030 is a high-severity an unspecified weakness vulnerability in Microsoft .Net Framework. Its CVSS base score is 7.5 (High).

Operationally, ranked in the top 10.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

Deeper analysis

.NET and Visual Studio contain a denial-of-service vulnerability tracked as CVE-2023-32030. The flaw received a CVSS 3.1 score of 7.5 with a vector indicating network attackability, low complexity, and no required privileges or user interaction, resulting in high impact to availability while leaving confidentiality and integrity unaffected.

An unauthenticated remote attacker can send crafted input over the network to trigger the condition, causing the affected .NET or Visual Studio component to become unavailable. The attack requires no authentication or user assistance and can be carried out against any reachable instance.

Microsoft has published an advisory for CVE-2023-32030 at the Microsoft Security Response Center that addresses the issue.

The associated EPSS score remains low, with a current value of 0.0497 and a peak of 0.0524.

EU & UK References

Vulnerability details

.NET and Visual Studio Denial of Service Vulnerability

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

microsoft
.net framework
2.0, 3.0, 3.5, 3.5.1, 4.6.2

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References