VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-qb99-hpey-aaap

Essentials
Severities (109)
References (29)
Severity details (19)
Exploits (0)
EPSS
History (0)

Vulnerability ID	VCID-qb99-hpey-aaap
Aliases	CVE-2023-33170 GHSA-25c8-p796-jg6r
Summary	ASP.NET and Visual Studio Security Feature Bypass Vulnerability
Status	Published
Exploitability	0.5
Weighted Severity	8.0
Risk	4.0
Affected and Fixed Packages	Package Details

Weaknesses (4)

CWE-362	Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-78	Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
cvssv3	8.1	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-33170.json
epss	0.00060	https://api.first.org/data/v1/epss?cve=CVE-2023-33170
epss	0.00133	https://api.first.org/data/v1/epss?cve=CVE-2023-33170
epss	0.00133	https://api.first.org/data/v1/epss?cve=CVE-2023-33170
epss	0.00133	https://api.first.org/data/v1/epss?cve=CVE-2023-33170
epss	0.00133	https://api.first.org/data/v1/epss?cve=CVE-2023-33170
epss	0.00133	https://api.first.org/data/v1/epss?cve=CVE-2023-33170
epss	0.00133	https://api.first.org/data/v1/epss?cve=CVE-2023-33170
epss	0.00133	https://api.first.org/data/v1/epss?cve=CVE-2023-33170
epss	0.00133	https://api.first.org/data/v1/epss?cve=CVE-2023-33170
epss	0.00133	https://api.first.org/data/v1/epss?cve=CVE-2023-33170
epss	0.00133	https://api.first.org/data/v1/epss?cve=CVE-2023-33170
epss	0.00133	https://api.first.org/data/v1/epss?cve=CVE-2023-33170
epss	0.00133	https://api.first.org/data/v1/epss?cve=CVE-2023-33170
epss	0.00133	https://api.first.org/data/v1/epss?cve=CVE-2023-33170
epss	0.00133	https://api.first.org/data/v1/epss?cve=CVE-2023-33170
epss	0.00133	https://api.first.org/data/v1/epss?cve=CVE-2023-33170
epss	0.00133	https://api.first.org/data/v1/epss?cve=CVE-2023-33170
epss	0.00133	https://api.first.org/data/v1/epss?cve=CVE-2023-33170
epss	0.00133	https://api.first.org/data/v1/epss?cve=CVE-2023-33170
epss	0.00133	https://api.first.org/data/v1/epss?cve=CVE-2023-33170
epss	0.00133	https://api.first.org/data/v1/epss?cve=CVE-2023-33170
epss	0.00133	https://api.first.org/data/v1/epss?cve=CVE-2023-33170
epss	0.00133	https://api.first.org/data/v1/epss?cve=CVE-2023-33170
epss	0.00133	https://api.first.org/data/v1/epss?cve=CVE-2023-33170
epss	0.00133	https://api.first.org/data/v1/epss?cve=CVE-2023-33170
epss	0.00133	https://api.first.org/data/v1/epss?cve=CVE-2023-33170
epss	0.00133	https://api.first.org/data/v1/epss?cve=CVE-2023-33170
epss	0.00133	https://api.first.org/data/v1/epss?cve=CVE-2023-33170
epss	0.00133	https://api.first.org/data/v1/epss?cve=CVE-2023-33170
epss	0.00133	https://api.first.org/data/v1/epss?cve=CVE-2023-33170
epss	0.00133	https://api.first.org/data/v1/epss?cve=CVE-2023-33170
epss	0.00133	https://api.first.org/data/v1/epss?cve=CVE-2023-33170
epss	0.00133	https://api.first.org/data/v1/epss?cve=CVE-2023-33170
epss	0.00137	https://api.first.org/data/v1/epss?cve=CVE-2023-33170
epss	0.00137	https://api.first.org/data/v1/epss?cve=CVE-2023-33170
epss	0.00137	https://api.first.org/data/v1/epss?cve=CVE-2023-33170
epss	0.00137	https://api.first.org/data/v1/epss?cve=CVE-2023-33170
epss	0.00137	https://api.first.org/data/v1/epss?cve=CVE-2023-33170
epss	0.00137	https://api.first.org/data/v1/epss?cve=CVE-2023-33170
epss	0.00137	https://api.first.org/data/v1/epss?cve=CVE-2023-33170
epss	0.00137	https://api.first.org/data/v1/epss?cve=CVE-2023-33170
epss	0.00137	https://api.first.org/data/v1/epss?cve=CVE-2023-33170
epss	0.00137	https://api.first.org/data/v1/epss?cve=CVE-2023-33170
epss	0.00137	https://api.first.org/data/v1/epss?cve=CVE-2023-33170
epss	0.00137	https://api.first.org/data/v1/epss?cve=CVE-2023-33170
epss	0.00137	https://api.first.org/data/v1/epss?cve=CVE-2023-33170
epss	0.00137	https://api.first.org/data/v1/epss?cve=CVE-2023-33170
epss	0.00137	https://api.first.org/data/v1/epss?cve=CVE-2023-33170
epss	0.00138	https://api.first.org/data/v1/epss?cve=CVE-2023-33170
epss	0.00138	https://api.first.org/data/v1/epss?cve=CVE-2023-33170
epss	0.00138	https://api.first.org/data/v1/epss?cve=CVE-2023-33170
epss	0.00142	https://api.first.org/data/v1/epss?cve=CVE-2023-33170
epss	0.00142	https://api.first.org/data/v1/epss?cve=CVE-2023-33170
epss	0.00142	https://api.first.org/data/v1/epss?cve=CVE-2023-33170
epss	0.00142	https://api.first.org/data/v1/epss?cve=CVE-2023-33170
epss	0.00142	https://api.first.org/data/v1/epss?cve=CVE-2023-33170
epss	0.00142	https://api.first.org/data/v1/epss?cve=CVE-2023-33170
epss	0.00142	https://api.first.org/data/v1/epss?cve=CVE-2023-33170
epss	0.00142	https://api.first.org/data/v1/epss?cve=CVE-2023-33170
epss	0.00142	https://api.first.org/data/v1/epss?cve=CVE-2023-33170
epss	0.00143	https://api.first.org/data/v1/epss?cve=CVE-2023-33170
epss	0.00143	https://api.first.org/data/v1/epss?cve=CVE-2023-33170
epss	0.00249	https://api.first.org/data/v1/epss?cve=CVE-2023-33170
epss	0.00249	https://api.first.org/data/v1/epss?cve=CVE-2023-33170
epss	0.00249	https://api.first.org/data/v1/epss?cve=CVE-2023-33170
epss	0.00264	https://api.first.org/data/v1/epss?cve=CVE-2023-33170
epss	0.00286	https://api.first.org/data/v1/epss?cve=CVE-2023-33170
epss	0.00286	https://api.first.org/data/v1/epss?cve=CVE-2023-33170
epss	0.00286	https://api.first.org/data/v1/epss?cve=CVE-2023-33170
epss	0.00286	https://api.first.org/data/v1/epss?cve=CVE-2023-33170
epss	0.00286	https://api.first.org/data/v1/epss?cve=CVE-2023-33170
epss	0.00286	https://api.first.org/data/v1/epss?cve=CVE-2023-33170
epss	0.00286	https://api.first.org/data/v1/epss?cve=CVE-2023-33170
epss	0.00286	https://api.first.org/data/v1/epss?cve=CVE-2023-33170
epss	0.00286	https://api.first.org/data/v1/epss?cve=CVE-2023-33170
epss	0.00286	https://api.first.org/data/v1/epss?cve=CVE-2023-33170
epss	0.00286	https://api.first.org/data/v1/epss?cve=CVE-2023-33170
epss	0.00822	https://api.first.org/data/v1/epss?cve=CVE-2023-33170
epss	0.00822	https://api.first.org/data/v1/epss?cve=CVE-2023-33170
epss	0.00822	https://api.first.org/data/v1/epss?cve=CVE-2023-33170
epss	0.00822	https://api.first.org/data/v1/epss?cve=CVE-2023-33170
epss	0.00822	https://api.first.org/data/v1/epss?cve=CVE-2023-33170
epss	0.00822	https://api.first.org/data/v1/epss?cve=CVE-2023-33170
epss	0.00822	https://api.first.org/data/v1/epss?cve=CVE-2023-33170
epss	0.00822	https://api.first.org/data/v1/epss?cve=CVE-2023-33170
epss	0.00822	https://api.first.org/data/v1/epss?cve=CVE-2023-33170
epss	0.00822	https://api.first.org/data/v1/epss?cve=CVE-2023-33170
epss	0.00822	https://api.first.org/data/v1/epss?cve=CVE-2023-33170
epss	0.00822	https://api.first.org/data/v1/epss?cve=CVE-2023-33170
epss	0.06849	https://api.first.org/data/v1/epss?cve=CVE-2023-33170
cvssv3.1_qr	HIGH	https://github.com/advisories/GHSA-25c8-p796-jg6r
cvssv3.1	8.1	https://github.com/dotnet/aspnetcore
generic_textual	HIGH	https://github.com/dotnet/aspnetcore
cvssv3.1	8.1	https://github.com/dotnet/aspnetcore/issues/49334
generic_textual	HIGH	https://github.com/dotnet/aspnetcore/issues/49334
cvssv3.1_qr	HIGH	https://github.com/dotnet/aspnetcore/security/advisories/GHSA-25c8-p796-jg6r
cvssv3.1	8.1	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EVZVMMCCBBCSCPAW2CRQGOTKIHVFCMRO
generic_textual	HIGH	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EVZVMMCCBBCSCPAW2CRQGOTKIHVFCMRO
cvssv3.1	8.1	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O5CFOR6ID2HP45E7ZOGQNX76FPIWP7XR
generic_textual	HIGH	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O5CFOR6ID2HP45E7ZOGQNX76FPIWP7XR
cvssv3.1	8.1	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TLWNIIA2I6YCYVCXYBPBRSZ3UH6KILTG
generic_textual	HIGH	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TLWNIIA2I6YCYVCXYBPBRSZ3UH6KILTG
cvssv3.1	8.1	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y3VJRGNYJXGPF5LXUG3NL45QPK2UU6PL
generic_textual	HIGH	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y3VJRGNYJXGPF5LXUG3NL45QPK2UU6PL
cvssv3.1	8.1	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33170
generic_textual	HIGH	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33170
cvssv3	8.1	https://nvd.nist.gov/vuln/detail/CVE-2023-33170
cvssv3.1	8.1	https://nvd.nist.gov/vuln/detail/CVE-2023-33170

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-33170.json
		https://api.first.org/data/v1/epss?cve=CVE-2023-33170
		https://github.com/dotnet/aspnetcore
		https://github.com/dotnet/aspnetcore/issues/49334
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EVZVMMCCBBCSCPAW2CRQGOTKIHVFCMRO
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EVZVMMCCBBCSCPAW2CRQGOTKIHVFCMRO/
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O5CFOR6ID2HP45E7ZOGQNX76FPIWP7XR
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O5CFOR6ID2HP45E7ZOGQNX76FPIWP7XR/
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TLWNIIA2I6YCYVCXYBPBRSZ3UH6KILTG
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TLWNIIA2I6YCYVCXYBPBRSZ3UH6KILTG/
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y3VJRGNYJXGPF5LXUG3NL45QPK2UU6PL
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y3VJRGNYJXGPF5LXUG3NL45QPK2UU6PL/
		https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33170
2221854		https://bugzilla.redhat.com/show_bug.cgi?id=2221854
cpe:2.3:a:microsoft:.net::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:.net::::::::
cpe:2.3:a:microsoft:visual_studio_2022::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:visual_studio_2022::::::::
cpe:2.3:o:fedoraproject:fedora:37:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:37:::::::*
cpe:2.3:o:fedoraproject:fedora:38:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:38:::::::*
CVE-2023-33170		https://nvd.nist.gov/vuln/detail/CVE-2023-33170
GHSA-25c8-p796-jg6r		https://github.com/advisories/GHSA-25c8-p796-jg6r
GHSA-25c8-p796-jg6r		https://github.com/dotnet/aspnetcore/security/advisories/GHSA-25c8-p796-jg6r
RHSA-2023:4057		https://access.redhat.com/errata/RHSA-2023:4057
RHSA-2023:4058		https://access.redhat.com/errata/RHSA-2023:4058
RHSA-2023:4059		https://access.redhat.com/errata/RHSA-2023:4059
RHSA-2023:4060		https://access.redhat.com/errata/RHSA-2023:4060
RHSA-2023:4061		https://access.redhat.com/errata/RHSA-2023:4061
RHSA-2023:4448		https://access.redhat.com/errata/RHSA-2023:4448
RHSA-2023:4449		https://access.redhat.com/errata/RHSA-2023:4449
USN-6217-1		https://usn.ubuntu.com/6217-1/

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-33170.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Found at https://github.com/dotnet/aspnetcore

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/dotnet/aspnetcore/issues/49334

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EVZVMMCCBBCSCPAW2CRQGOTKIHVFCMRO

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O5CFOR6ID2HP45E7ZOGQNX76FPIWP7XR

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TLWNIIA2I6YCYVCXYBPBRSZ3UH6KILTG

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y3VJRGNYJXGPF5LXUG3NL45QPK2UU6PL

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33170

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-33170

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-33170

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.27347
EPSS Score	0.00060
Published At	Jan. 16, 2025, midnight

Date	Actor	Action	Source	VulnerableCode Version
There are no relevant records.