Vulnerability details: VCID-jkv8-as7q-xker
Vulnerability ID VCID-jkv8-as7q-xker
Aliases CVE-2022-24512
GHSA-c6w8-7mp3-34j9
Summary .NET Remote Code Execution Vulnerability

Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 6.0, .NET 5.0, and .NET Core 3.1. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.

A Remote Code Execution vulnerability exists in .NET 6.0, .NET 5.0, and .NET Core 3.1 where a stack buffer overrun occurs in .NET Double Parse routine.

### Patches

* Any .NET 6.0 application running on .NET 6.0.2 or lower
* Any .NET 5.0 application running on .NET 5.0.14 or lower
* Any .NET Core 3.1 application running on .NET Core 3.1.22 or lower

To fix the issue, please install the latest version of .NET 6.0, .NET 5.0, or .NET Core 3.1. If you have installed one or more .NET Core SDKs through Visual Studio, Visual Studio will prompt you to update Visual Studio, which will also update your .NET Core SDKs.

* If you're using .NET 6.0, you should download and install Runtime 6.0.3 or SDK 6.0.103 (for Visual Studio 2019 v17.0) or SDK 6.0.201 (for Visual Studio 2019 V17.1) from https://dotnet.microsoft.com/download/dotnet-core/5.0.
* If you're using .NET 5.0, you should download and install Runtime 5.0.15 or SDK 5.0.406 (for Visual Studio 2019 v16.11) or SDK 5.0.212 (for Visual Studio 2019 V16.9) from https://dotnet.microsoft.com/download/dotnet-core/5.0.
* If you're using .NET Core 3.1, you should download and install Runtime 3.1.23 or SDK 3.1.417 (for Visual Studio 2019 v16.7) from https://dotnet.microsoft.com/download/dotnet-core/3.1.

.NET 6.0, .NET 5.0, and .NET Core 3.1 updates are also available from Microsoft Update. To access this either type "Check for updates" in your Windows search, or open Settings, choose Update & Security and then click Check for Updates.

### Other Details

- Announcement for this issue can be found at dotnet/announcements#213
- An Issue for this can be found at https://github.com/dotnet/runtime/issues/66348
- MSRC details for this can be found at https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-24512

Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
System Score Found at
cvssv3 6.3 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-24512.json
epss 0.00198 https://api.first.org/data/v1/epss?cve=CVE-2022-24512
epss 0.00224 https://api.first.org/data/v1/epss?cve=CVE-2022-24512
epss 0.00247 https://api.first.org/data/v1/epss?cve=CVE-2022-24512
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-c6w8-7mp3-34j9
cvssv3.1 6.3 https://github.com/dotnet/announcements/issues/213
generic_textual MODERATE https://github.com/dotnet/announcements/issues/213
cvssv3.1 6.3 https://github.com/dotnet/runtime/security/advisories/GHSA-c6w8-7mp3-34j9
cvssv3.1_qr MODERATE https://github.com/dotnet/runtime/security/advisories/GHSA-c6w8-7mp3-34j9
generic_textual MODERATE https://github.com/dotnet/runtime/security/advisories/GHSA-c6w8-7mp3-34j9
cvssv3.1 6.3 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF
generic_textual MODERATE https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF
cvssv3.1 6.3 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIJGCVKLHVNLFBTEYJGWS43QG5DYJFBL
generic_textual MODERATE https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIJGCVKLHVNLFBTEYJGWS43QG5DYJFBL
cvssv3.1 6.3 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27
generic_textual MODERATE https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27
cvssv3.1 6.3 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRGSPXMZY4RM2L35FYHCXBFROLC23B2V
generic_textual MODERATE https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRGSPXMZY4RM2L35FYHCXBFROLC23B2V
cvssv3.1 6.3 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OS2Q4NPRSARP7GHLKFLIYHFOPSYDO6MK
generic_textual MODERATE https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OS2Q4NPRSARP7GHLKFLIYHFOPSYDO6MK
cvssv3.1 6.3 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG
generic_textual MODERATE https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG
cvssv3.1 6.3 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24512
generic_textual MODERATE https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24512
cvssv2 6.8 https://nvd.nist.gov/vuln/detail/CVE-2022-24512
cvssv3.1 6.3 https://nvd.nist.gov/vuln/detail/CVE-2022-24512
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2022-24512
cvssv3.1 6.3 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24512
generic_textual MODERATE https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24512
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-24512.json
https://api.first.org/data/v1/epss?cve=CVE-2022-24512
https://github.com/dotnet/announcements/issues/213
https://github.com/dotnet/runtime/security/advisories/GHSA-c6w8-7mp3-34j9
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIJGCVKLHVNLFBTEYJGWS43QG5DYJFBL
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIJGCVKLHVNLFBTEYJGWS43QG5DYJFBL/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRGSPXMZY4RM2L35FYHCXBFROLC23B2V
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRGSPXMZY4RM2L35FYHCXBFROLC23B2V/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OS2Q4NPRSARP7GHLKFLIYHFOPSYDO6MK
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OS2Q4NPRSARP7GHLKFLIYHFOPSYDO6MK/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24512
https://nvd.nist.gov/vuln/detail/CVE-2022-24512
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24512
2061854 https://bugzilla.redhat.com/show_bug.cgi?id=2061854
cpe:2.3:a:microsoft:.net:5.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:.net:5.0:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:.net:6.0.0:-:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:.net:6.0.0:-:*:*:*:*:*:*
cpe:2.3:a:microsoft:.net_core:3.1:-:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:.net_core:3.1:-:*:*:*:*:*:*
cpe:2.3:a:microsoft:powershell:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:powershell:*:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
GHSA-c6w8-7mp3-34j9 https://github.com/advisories/GHSA-c6w8-7mp3-34j9
RHSA-2022:0826 https://access.redhat.com/errata/RHSA-2022:0826
RHSA-2022:0827 https://access.redhat.com/errata/RHSA-2022:0827
RHSA-2022:0828 https://access.redhat.com/errata/RHSA-2022:0828
RHSA-2022:0829 https://access.redhat.com/errata/RHSA-2022:0829
RHSA-2022:0830 https://access.redhat.com/errata/RHSA-2022:0830
RHSA-2022:0832 https://access.redhat.com/errata/RHSA-2022:0832
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-24512.json
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L Found at https://github.com/dotnet/announcements/issues/213
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L Found at https://github.com/dotnet/runtime/security/advisories/GHSA-c6w8-7mp3-34j9
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIJGCVKLHVNLFBTEYJGWS43QG5DYJFBL
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRGSPXMZY4RM2L35FYHCXBFROLC23B2V
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OS2Q4NPRSARP7GHLKFLIYHFOPSYDO6MK
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L Found at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24512
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2022-24512
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L Found at https://nvd.nist.gov/vuln/detail/CVE-2022-24512
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L Found at https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24512
Exploit Prediction Scoring System (EPSS)
Percentile 0.42198
EPSS Score 0.00198
Published At July 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:58:47.059825+00:00 GithubOSV Importer Import https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/10/GHSA-c6w8-7mp3-34j9/GHSA-c6w8-7mp3-34j9.json 37.0.0