Vulnerability Name:

CVE-2022-23267 (CCN-225380)

Assigned:2022-05-10
Published:2022-05-10
Updated:2022-10-18
Summary:.NET and Visual Studio Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-29117, CVE-2022-29145.
CVSS v3 Severity:7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
6.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): High
7.5 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
6.5 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): High
7.5 High (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
6.5 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): High
CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
7.8 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Complete
Vulnerability Type:CWE-400
CWE-770
Vulnerability Consequences:Denial of Service
References:Source: MITRE
Type: CNA
CVE-2022-23267

Source: XF
Type: UNKNOWN
ms-dotnet-cve202223267-dos(225380)

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2022-9a1d5ea33c

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2022-d69fee9f38

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2022-256d559f0c

Source: CCN
Type: Microsoft Security TechCenter - May 2022
CVE-2022-23267 - .NET Denial of Service Vulnerability

Source: MISC
Type: Patch, Vendor Advisory
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-23267

Source: CCN
Type: IBM Security Bulletin 6615217 (Robotic Process Automation for Cloud Pak)
Multiple vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak

Vulnerable Configuration:Configuration 1:
  • cpe:/a:microsoft:.net:5.0:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:.net_core:3.1:-:*:*:*:*:*:*
  • OR cpe:/a:microsoft:visual_studio_2022:17.0:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:.net:6.0.0:-:*:*:*:*:*:*
  • OR cpe:/a:microsoft:visual_studio_2022:17.1:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:* (Version >= 16.10 and < 16.11.14)
  • OR cpe:/a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:* (Version >= 16.0 and < 16.9.21)
  • OR cpe:/a:microsoft:powershell:*:*:*:*:*:*:*:* (Version >= 7.0 and < 7.0.11)
  • OR cpe:/a:microsoft:powershell:*:*:*:*:*:*:*:* (Version >= 7.2 and < 7.2.4)

    • Configuration 2:
  • cpe:/o:fedoraproject:fedora:34:*:*:*:*:*:*:*
  • OR cpe:/o:fedoraproject:fedora:35:*:*:*:*:*:*:*
  • OR cpe:/o:fedoraproject:fedora:36:*:*:*:*:*:*:*

    • Configuration RedHat 1:
  • cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

    • Configuration RedHat 2:
  • cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*

    • Configuration RedHat 3:
  • cpe:/a:redhat:enterprise_linux:8::crb:*:*:*:*:*

    • Configuration RedHat 4:
  • cpe:/a:redhat:enterprise_linux:9:*:*:*:*:*:*:*

    • Configuration RedHat 5:
  • cpe:/a:redhat:enterprise_linux:9::appstream:*:*:*:*:*

    • Configuration RedHat 6:
  • cpe:/a:redhat:enterprise_linux:9::crb:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:microsoft:.net_core:3.1:-:*:*:*:*:*:*
  • OR cpe:/a:microsoft:.net:5.0:*:*:*:*:*:*:*
  • AND
  • cpe:/a:ibm:robotic_process_automation_for_cloud_pak:21.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:robotic_process_automation_for_cloud_pak:21.0.2:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:com.redhat.rhsa:def:20224588
    P
    		RHSA-2022:4588: .NET 6.0 security, bug fix, and enhancement update (Important)
    2022-05-18
    oval:com.redhat.rhsa:def:20222199
    P
    		RHSA-2022:2199: .NET 6.0 security, bug fix, and enhancement update (Important)
    2022-05-11
    oval:com.redhat.rhsa:def:20222200
    P
    		RHSA-2022:2200: .NET 5.0 security, bug fix, and enhancement update (Important)
    2022-05-11
    oval:com.redhat.rhsa:def:20222202
    P
    		RHSA-2022:2202: .NET Core 3.1 security, bug fix, and enhancement update (Important)
    2022-05-11
    BACK
    microsoft .net 5.0
    microsoft .net core 3.1 -
    microsoft visual studio 2022 17.0
    microsoft .net 6.0.0 -
    microsoft visual studio 2022 17.1
    microsoft visual studio 2019 *
    microsoft visual studio 2019 *
    microsoft powershell *
    microsoft powershell *
    fedoraproject fedora 34
    fedoraproject fedora 35
    fedoraproject fedora 36
    microsoft .net core 3.1
    microsoft .net 5.0
    ibm robotic process automation for cloud pak 21.0.1
    ibm robotic process automation for cloud pak 21.0.2