CVE-2023-32030
Published: 14 June 2023
Summary
CVE-2023-32030 is a high-severity an unspecified weakness vulnerability in Microsoft .Net Framework. Its CVSS base score is 7.5 (High).
Operationally, ranked in the top 10.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
Deeper analysis
.NET and Visual Studio contain a denial-of-service vulnerability tracked as CVE-2023-32030. The flaw received a CVSS 3.1 score of 7.5 with a vector indicating network attackability, low complexity, and no required privileges or user interaction, resulting in high impact to availability while leaving confidentiality and integrity unaffected.
An unauthenticated remote attacker can send crafted input over the network to trigger the condition, causing the affected .NET or Visual Studio component to become unavailable. The attack requires no authentication or user assistance and can be carried out against any reachable instance.
Microsoft has published an advisory for CVE-2023-32030 at the Microsoft Security Response Center that addresses the issue.
The associated EPSS score remains low, with a current value of 0.0497 and a peak of 0.0524.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-36317
Vulnerability details
.NET and Visual Studio Denial of Service Vulnerability
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.