CVE Catalog

Actively exploited in the wild

Microsoft .NET Core and Visual Studio Denial-of-Service Vulnerability

Microsoft — .NET Core and Visual Studio · Listed in the CISA KEV since 2023-08-09. This indicates confirmed attacks in production environments.

Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

CVE-2023-38180

HighCVSS 7.5KEV
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Very high risk
15.64%

96th percentile — higher than 96% of all known CVEs

Summary

A vulnerability in .NET and Visual Studio allows for a Denial of Service (DoS) attack, potentially leading to application or service unavailability. An attacker can exploit this flaw to disrupt system operations.

Risk Assessment

Organizations may experience downtime in critical applications, leading to revenue loss and diminished customer trust. High availability of services is crucial for business operations.

Recommendation

It is recommended to update .NET and Visual Studio to the latest versions that include security patches. Monitoring systems for unusual traffic patterns can also help in detecting attack attempts.

Original NVD description (English source)

.NET and Visual Studio Denial of Service Vulnerability

Vulnerability data from NVD (NIST) · CISA KEV · EPSS