CVE-2024-21409 — .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability · VulnScope

CVE-2024-21409

.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability

7.3

HIGH

CVSS 3.1

EPSS 57.6%

Description

.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability

How to fix CVE-2024-21409

To remediate CVE-2024-21409, upgrade the affected package to a fixed version below.

Bitnami/dotnet—upgrade to 6.0.29 or later
Bitnami/dotnet-sdk—upgrade to 6.0.29 or later
—upgrade to 7.2.19 or later
—upgrade to 6.0.29 or later
—upgrade to 6.0.29 or later
—upgrade to 7.0.18 or later

Is CVE-2024-21409 being exploited?

Likely — EPSS is 57.6%, placing CVE-2024-21409 in the top tier of vulnerabilities by exploitation probability. Prioritise patching.

Affected packages (6)

>= 6.0.0, < 6.0.29, >= 7.0.0, < 7.0.18, >= 8.0.0, < 8.0.4
>= 6.0.0, < 6.0.29, >= 7.0.0, < 7.0.18, >= 8.0.0, < 8.0.4
>= 7.2.0, < 7.2.19, >= 7.3.0, < 7.3.12, >= 7.4.0, < 7.4.2
from 0, < 6.0.29
from 0, < 6.0.29
>= 7.0.0, < 7.0.18

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH7.3	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

References (6)