CVE-2024-29059

Warning

EPSS 93.85%
Published 23.03.2024 00:15:09
Last modified 05.02.2025 02:00:01
Source secure@microsoft.com
Teams watchlist Login
Open Login

.NET Framework Information Disclosure Vulnerability

Affected products Warnungen 1 Metrics 2 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Microsoft ≫ .Net Framework Version3.5 Update-

   Microsoft ≫ Windows 10 1607 Version-
   Microsoft ≫ Windows 10 1809 Version- HwPlatformx64
   Microsoft ≫ Windows Server 2016 Version-
   Microsoft ≫ Windows Server 2019 Version-

Microsoft ≫ .Net Framework Version4.7.2

   Microsoft ≫ Windows 10 1607 Version-
   Microsoft ≫ Windows 10 1809 Version- HwPlatformx64
   Microsoft ≫ Windows Server 2016 Version-
   Microsoft ≫ Windows Server 2019 Version-

Microsoft ≫ .Net Framework Version3.5 Update-

   Microsoft ≫ Windows 10 1607 Version-
   Microsoft ≫ Windows 10 1809 Version-
   Microsoft ≫ Windows 10 21h2 Version-
   Microsoft ≫ Windows 10 22h2 Version-
   Microsoft ≫ Windows 11 21h2 Version-
   Microsoft ≫ Windows Server 2019 Version-
   Microsoft ≫ Windows Server 2022 Version-

Microsoft ≫ .Net Framework Version4.8

Microsoft ≫ .Net Framework Version3.5.1

   Microsoft ≫ Windows Server 2008 Versionr2 Updatesp1 HwPlatformx64
   Microsoft ≫ Windows Server 2012 Version-
   Microsoft ≫ Windows Server 2012 Versionr2

Microsoft ≫ .Net Framework Version2.0 Updatesp2

Microsoft ≫ Windows Server 2008 Version- Updatesp2

Microsoft ≫ .Net Framework Version3.0 Updatesp2

Microsoft ≫ Windows Server 2008 Version- Updatesp2

Microsoft ≫ .Net Framework Version3.5 Update-

Microsoft ≫ Windows 10 1507 Version- HwPlatformx64
Microsoft ≫ Windows 10 1507 Version- HwPlatformx86

Microsoft ≫ .Net Framework Version4.6

Microsoft ≫ Windows 10 1507 Version- HwPlatformx64
Microsoft ≫ Windows 10 1507 Version- HwPlatformx86

Microsoft ≫ .Net Framework Version4.6.2

Microsoft ≫ Windows 10 1507 Version- HwPlatformx64
Microsoft ≫ Windows 10 1507 Version- HwPlatformx86

Microsoft ≫ .Net Framework Version4.6.2

Microsoft ≫ Windows Server 2008 Version- Updatesp2

Microsoft ≫ .Net Framework Version3.5 Update-

   Microsoft ≫ Windows 10 21h2 Version-
   Microsoft ≫ Windows 10 22h2 Version-
   Microsoft ≫ Windows 11 21h2 Version-
   Microsoft ≫ Windows 11 22h2 Version-
   Microsoft ≫ Windows 11 23h2 Version-
   Microsoft ≫ Windows Server 2022 Version-
   Microsoft ≫ Windows Server 2022 23h2 Version-

Microsoft ≫ .Net Framework Version4.8.1

Microsoft ≫ .Net Framework Version4.6.2

   Microsoft ≫ Windows Server 2008 Versionr2 Updatesp1 HwPlatformx64
   Microsoft ≫ Windows Server 2012 Version-
   Microsoft ≫ Windows Server 2012 Versionr2

Microsoft ≫ .Net Framework Version4.7

   Microsoft ≫ Windows Server 2008 Versionr2 Updatesp1 HwPlatformx64
   Microsoft ≫ Windows Server 2012 Version-
   Microsoft ≫ Windows Server 2012 Versionr2

Microsoft ≫ .Net Framework Version4.7.1

   Microsoft ≫ Windows Server 2008 Versionr2 Updatesp1 HwPlatformx64
   Microsoft ≫ Windows Server 2012 Version-
   Microsoft ≫ Windows Server 2012 Versionr2

Microsoft ≫ .Net Framework Version4.7.2

   Microsoft ≫ Windows Server 2008 Versionr2 Updatesp1 HwPlatformx64
   Microsoft ≫ Windows Server 2012 Version-
   Microsoft ≫ Windows Server 2012 Versionr2

Microsoft ≫ .Net Framework Version4.8

   Microsoft ≫ Windows 10 1607 Version-
   Microsoft ≫ Windows Server 2008 Versionr2 Updatesp1 HwPlatformx64
   Microsoft ≫ Windows Server 2012 Version-
   Microsoft ≫ Windows Server 2012 Versionr2
   Microsoft ≫ Windows Server 2016 Version-

04.02.2025: CISA Known Exploited Vulnerabilities (KEV) Catalog

Microsoft .NET Framework Information Disclosure Vulnerability

Vulnerability

Microsoft .NET Framework contains an information disclosure vulnerability that exposes the ObjRef URI to an attacker, ultimately enabling remote code execution.

Description

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Required actions

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	93.85%	0.999

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
secure@microsoft.com	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-209 Generation of Error Message Containing Sensitive Information

The product generates an error message that includes sensitive information about its environment, users, or associated data.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29059

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-29059

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-29059

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-29059

EUVD