What is CVE-2023-35390?

CVE-2023-35390 is a high-severity software vulnerability (Command injection) with a CVSS score of 7.8. .NET and Visual Studio Remote Code Execution Vulnerability

Is CVE-2023-35390 being actively exploited?

It is not currently in CISA's KEV catalog. Its EPSS exploitation probability is 2%.

What products does CVE-2023-35390 affect?

Tracked products affected include .NET. Check the version you run to see whether it is affected.

How do I fix CVE-2023-35390?

Apply the vendor fix promptly. An official patch or advisory is available. Upgrade affected products to a fixed version.

← All products

CVE-2023-35390

HIGH severity · CVSS 7.8 · Command injection

7.8CVSS HIGH

Summary

.NET and Visual Studio Remote Code Execution Vulnerability

Impact & exploitability

Attack vectorLocal

Attack complexityLow

Privileges requiredNone

User interactionRequired

Confidentiality impactHigh

Integrity impactHigh

Availability impactHigh

Exploit probability (EPSS)2%

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products we track (1)

.NET

Recommendation

Apply the vendor fix promptly. Open any affected product above for its exact safe version.

Official patch: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35390 ↗

Additional information

NVD record
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35390Patch
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CL2L4WE5QRT7WEXANYXSKSU43APC5N2V/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NWVZFKTLNMNKPZ755EMRYIA6GHFOWGKY/