Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
kasperskyKaspersky LabKLA20005
HistoryOct 11, 2022 - 12:00 a.m.

KLA20005 Multiple vulnerabilities in Microsoft Developer Tools

2022-10-1100:00:00
Kaspersky Lab
threats.kaspersky.com
18

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

9.2 High

AI Score

Confidence

High

0.44 Medium

EPSS

Percentile

97.4%

JSON

Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges, obtain sensitive information.

Below is a complete list of vulnerabilities:

  1. A remote code execution vulnerability in Visual Studio Code can be exploited remotely to execute arbitrary code.
  2. An elevation of privilege vulnerability in Visual Studio Code can be exploited remotely to gain privileges.
  3. An elevation of privilege vulnerability in NuGet Client can be exploited remotely to gain privileges.
  4. An information disclosure vulnerability in Visual Studio Code can be exploited remotely to obtain sensitive information.

Original advisories

CVE-2022-41034

CVE-2022-41083

CVE-2022-41032

CVE-2022-41042

Exploitation

Public exploits exist for this vulnerability.

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Related products

Microsoft-Visual-Studio

CVE list

CVE-2022-41034 critical

CVE-2022-41083 critical

CVE-2022-41032 critical

CVE-2022-41042 high

KB list

5019351

5019349

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Impacts

  • ACE

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.

  • OSI

Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.

  • PE

Privilege escalation. Exploitation of vulnerabilities with this impact can lead to performing by abuser actions, which are normally disallowed for current role.

Affected Products

  • Visual Studio 2022 for Mac version 17.3Microsoft Visual Studio 2022 version 17.0Microsoft Visual Studio 2022 version 17.3Visual Studio CodeJupyter Extension for Visual Studio CodeMicrosoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10).NET Core 3.1Microsoft Visual Studio 2022 version 17.2.NET 6.0Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8)

Related

nessus 26
cve 4
prion 4
cvelist 4
mscve 4
nvd 4
osv 13
zdt 1
packetstorm 1
metasploit 1
ubuntu 1
mskb 2
redhat 7
rocky 3
almalinux 5
openvas 4
oraclelinux 5
debiancve 1
redhatcve 1
github 1
alpinelinux 1
ubuntucve 1
veracode 1
fedora 1
altlinux 4
rapid7blog 2
redos 1
ics 1
talosblog 1
ibm 1
nessus
nessus
Security Update for Microsoft Visual Studio Code (October 2022)
2022-10-12 00:00:00
Ubuntu 22.04 LTS : .NET 6 vulnerability (USN-5670-1)
2022-10-11 00:00:00
RHEL 9 : .NET 6.0 (RHSA-2022:6913)
2022-10-15 00:00:00
cve
cve
CVE-2022-41083
2022-10-11 19:15:21
CVE-2022-41034
2022-10-11 19:15:20
CVE-2022-41042
2022-10-11 19:15:20
prion
prion
Privilege escalation
2022-10-11 19:15:00
Remote code execution
2022-10-11 19:15:00
Information disclosure
2022-10-11 19:15:00
cvelist
cvelist
CVE-2022-41042 Visual Studio Code Information Disclosure Vulnerability
2022-10-11 00:00:00
CVE-2022-41034 Visual Studio Code Remote Code Execution Vulnerability
2022-10-11 00:00:00
CVE-2022-41083 Visual Studio Code Elevation of Privilege Vulnerability
2022-10-11 00:00:00
mscve
mscve
Visual Studio Code Elevation of Privilege Vulnerability
2022-10-11 07:00:00
Visual Studio Code Remote Code Execution Vulnerability
2022-10-11 07:00:00
Visual Studio Code Information Disclosure Vulnerability
2022-10-11 07:00:00
nvd
nvd
CVE-2022-41083
2022-10-11 19:15:21
CVE-2022-41034
2022-10-11 19:15:20
CVE-2022-41042
2022-10-11 19:15:20
osv
osv
CVE-2022-41034
2022-10-11 19:15:20
Moderate: .NET 6.0 security and bugfix update
2022-10-12 00:00:00
NuGet Elevation of Privilege Vulnerability
2022-10-11 20:48:52
zdt
zdt
VSCode ipynb Remote Code Execution Exploit
2024-06-13 00:00:00
packetstorm
packetstorm
VSCode ipynb Remote Code Execution
2024-06-11 00:00:00
metasploit
metasploit
VSCode ipynb Remote Development RCE
2024-03-22 20:26:03
ubuntu
ubuntu
.NET 6 vulnerability
2022-10-11 00:00:00
mskb
mskb
.NET Core 3.1 Update - October 11, 2022 (KB5019349)
2022-10-11 07:00:00
.NET 6.0 Update - October 11, 2022 (KB5019351)
2022-10-11 07:00:00
redhat
redhat
(RHSA-2022:6914) Moderate: .NET Core 3.1 on RHEL 7 security and bugfix update
2022-10-12 07:53:32
(RHSA-2022:8434) Moderate: dotnet7.0 security, bug fix, and enhancement update
2022-11-15 15:35:40
(RHSA-2022:6913) Moderate: .NET 6.0 security and bugfix update
2022-10-12 07:36:40
rocky
rocky
.NET Core 3.1 security and bugfix update
2022-10-12 07:36:20
.NET 6.0 security and bugfix update
2022-10-12 07:36:40
.NET 6.0 security and bugfix update
2022-10-12 07:35:48
almalinux
almalinux
Moderate: .NET 6.0 security and bugfix update
2022-10-12 00:00:00
Moderate: .NET Core 3.1 security and bugfix update
2022-10-12 00:00:00
Moderate: dotnet7.0 security, bug fix, and enhancement update
2022-11-08 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-5670-1)
2022-10-12 00:00:00
Fedora: Security Advisory for dotnet3.1 (FEDORA-2022-7f5f9ede26)
2022-10-27 00:00:00
Fedora: Security Advisory for dotnet3.1 (FEDORA-2022-f9ca76e479)
2022-10-27 00:00:00
oraclelinux
oraclelinux
.NET 6.0 security and bugfix update
2022-10-13 00:00:00
.NET 6.0 security and bugfix update
2022-10-13 00:00:00
.NET Core 3.1 security and bugfix update
2022-10-12 00:00:00
debiancve
debiancve
CVE-2022-41032
2022-10-11 19:15:20
redhatcve
redhatcve
CVE-2022-41032
2022-10-13 15:31:04
github
github
NuGet Elevation of Privilege Vulnerability
2022-10-11 20:48:52
alpinelinux
alpinelinux
CVE-2022-41032
2022-10-11 19:15:20
ubuntucve
ubuntucve
CVE-2022-41032
2022-10-11 00:00:00
veracode
veracode
Privilege Escalation
2022-10-13 02:11:26
fedora
fedora
[SECURITY] Fedora 37 Update: dotnet6.0-6.0.110-2.fc37
2022-11-20 01:25:12
altlinux
altlinux
Security fix for the ALT Linux 10 package dotnet-coreclr-3.1 version 3.1.32-alt1
2023-03-18 00:00:00
Security fix for the ALT Linux 10 package dotnet-bootstrap-6.0 version 6.0.12-alt1
2023-02-20 00:00:00
Security fix for the ALT Linux 10 package dotnet-runtime-7.0 version 6.0.12-alt1
2022-12-27 00:00:00
rapid7blog
rapid7blog
Metasploit Weekly Wrap-Up 06/14/2024
2024-06-14 19:09:16
Patch Tuesday - October 2022
2022-10-11 18:35:28
redos
redos
ROS-20231115-04
2023-11-15 00:00:00
ics
ics
Siemens PNI
2023-11-16 12:00:00
talosblog
talosblog
Microsoft Patch Tuesday for October 2022 — Snort rules and prominent vulnerabilities
2022-10-11 18:01:00
ibm
ibm
Security Bulletin: Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak.
2023-01-06 21:25:02

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

9.2 High

AI Score

Confidence

High

0.44 Medium

EPSS

Percentile

97.4%

JSON
Related for KLA20005
nessus26cve4prion4cvelist4mscve4nvd4osv13zdt1packetstorm1metasploit1ubuntu1mskb2redhat7rocky3almalinux5openvas4oraclelinux5debiancve1redhatcve1github1alpinelinux1ubuntucve1veracode1fedora1altlinux4rapid7blog2redos1ics1talosblog1ibm1