Detections
Analytics

Security Updates for Microsoft .NET Framework (February 2023)

high Nessus Plugin ID 171598

Language:

Synopsis

The Microsoft .NET Framework installation on the remote host is missing a security update.

Description

The Microsoft .NET Framework installation on the remote host is missing a security update. It is, therefore, affected by multiple vulnerabilities, as follows:

 - A denial of service (DoS) vulnerability. (CVE-2023-21722)

 - A remote code execution vulnerability. (CVE-2023-21808)

Solution

Microsoft has released security updates for Microsoft .NET Framework.

See Also

http://www.nessus.org/u?5bd7d30c

http://www.nessus.org/u?42dae88f

http://www.nessus.org/u?db0b1765

https://support.microsoft.com/en-us/help/5022497

https://support.microsoft.com/en-us/help/5022498

https://support.microsoft.com/en-us/help/5022499

https://support.microsoft.com/en-us/help/5022501

https://support.microsoft.com/en-us/help/5022502

https://support.microsoft.com/en-us/help/5022503

https://support.microsoft.com/en-us/help/5022504

https://support.microsoft.com/en-us/help/5022505

https://support.microsoft.com/en-us/help/5022506

https://support.microsoft.com/en-us/help/5022507

https://support.microsoft.com/en-us/help/5022508

https://support.microsoft.com/en-us/help/5022509

https://support.microsoft.com/en-us/help/5022511

https://support.microsoft.com/en-us/help/5022512

https://support.microsoft.com/en-us/help/5022513

https://support.microsoft.com/en-us/help/5022514

https://support.microsoft.com/en-us/help/5022515

https://support.microsoft.com/en-us/help/5022516

https://support.microsoft.com/en-us/help/5022520

https://support.microsoft.com/en-us/help/5022521

https://support.microsoft.com/en-us/help/5022522

https://support.microsoft.com/en-us/help/5022523

https://support.microsoft.com/en-us/help/5022524

https://support.microsoft.com/en-us/help/5022525

https://support.microsoft.com/en-us/help/5022526

https://support.microsoft.com/en-us/help/5022529

https://support.microsoft.com/en-us/help/5022530

https://support.microsoft.com/en-us/help/5022531

https://support.microsoft.com/en-us/help/5022574

https://support.microsoft.com/en-us/help/5022575

Plugin Details

Severity: High

ID: 171598

File Name: smb_nt_ms23_feb_dotnet.nasl

Version: 1.3

Type: local

Agent: windows

Published: 2/17/2023

Updated: 9/4/2023

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 6

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2023-21808

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7.2

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:microsoft:.net_framework

Required KB Items: SMB/MS_Bulletin_Checks/Possible

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2/14/2023

Vulnerability Publication Date: 2/14/2023

Reference Information

CVE: CVE-2023-21722, CVE-2023-21808

IAVA: 2023-A-0087-S

MSFT: MS23-5022497, MS23-5022498, MS23-5022499, MS23-5022501, MS23-5022502, MS23-5022503, MS23-5022504, MS23-5022505, MS23-5022506, MS23-5022507, MS23-5022508, MS23-5022509, MS23-5022511, MS23-5022512, MS23-5022513, MS23-5022514, MS23-5022515, MS23-5022516, MS23-5022520, MS23-5022521, MS23-5022522, MS23-5022523, MS23-5022524, MS23-5022525, MS23-5022526, MS23-5022529, MS23-5022530, MS23-5022531, MS23-5022574, MS23-5022575

MSKB: 5022497, 5022498, 5022499, 5022501, 5022502, 5022503, 5022504, 5022505, 5022506, 5022507, 5022508, 5022509, 5022511, 5022512, 5022513, 5022514, 5022515, 5022516, 5022520, 5022521, 5022522, 5022523, 5022524, 5022525, 5022526, 5022529, 5022530, 5022531, 5022574, 5022575