CVE-2021-31204

.NET and Visual Studio Elevation of Privilege Vulnerability

Severity Score

7.3

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

.NET and Visual Studio Elevation of Privilege Vulnerability

Una vulnerabilidad de Escalada de Privilegios de .NET y Visual Studio

A flaw was found in dotnet. A .NET Core single-file application running with elevated permissions could allow an attacker to gain elevated privileges. The highest threat to this vulnerability is to confidentiality, integrity, as well as system availability.

.NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET Core that address a security vulnerability are now available. The updated versions are .NET Core SDK 3.1.115 and .NET Core Runtime 3.1.15. Issues addressed include a privilege escalation vulnerability.

*Credits: N/A

CVSS Scores

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2021-04-14 CVE Reserved
2021-05-11 CVE Published
2024-08-03 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-273: Improper Check for Dropped Privileges

CAPEC

References (9)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31204	2023-12-29

URL	Date	SRC
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4F3VM3RMPE7PNNLLI3BPCSAXITQZCFCA	2023-12-29
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6M7KL3KTHJVQNRA3CWFUTESQJARQEHSZ	2023-12-29
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FVMWZPF4FR6JPFSNAIDIUDULHZJBVCW6	2023-12-29
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LFXJPQUYUITJMV75YN3XIGE3KKN5GOCU	2023-12-29
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UV4ITB3SUDGR23G7XALUVKFJMZERFUKF	2023-12-29
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZWF25Z3CZ6LYCOHZ7FPSFAQ426JUBUZ4	2023-12-29
https://access.redhat.com/security/cve/CVE-2021-31204	2021-05-19
https://bugzilla.redhat.com/show_bug.cgi?id=1956815	2021-05-19

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Microsoft Search vendor "Microsoft"		.net Search vendor "Microsoft" for product ".net"				>= 5.0 <= 5.0.5 Search vendor "Microsoft" for product ".net" and version " >= 5.0 <= 5.0.5"		-		Affected
Microsoft Search vendor "Microsoft"		.net Core Search vendor "Microsoft" for product ".net Core"				>= 3.1 <= 3.1.14 Search vendor "Microsoft" for product ".net Core" and version " >= 3.1 <= 3.1.14"		-		Affected
Microsoft Search vendor "Microsoft"		Visual Studio 2019 Search vendor "Microsoft" for product "Visual Studio 2019"				>= 16.0 < 16.4.22 Search vendor "Microsoft" for product "Visual Studio 2019" and version " >= 16.0 < 16.4.22"		-		Affected
Microsoft Search vendor "Microsoft"		Visual Studio 2019 Search vendor "Microsoft" for product "Visual Studio 2019"				>= 16.5.0 < 16.7.15 Search vendor "Microsoft" for product "Visual Studio 2019" and version " >= 16.5.0 < 16.7.15"		-		Affected
Microsoft Search vendor "Microsoft"		Visual Studio 2019 Search vendor "Microsoft" for product "Visual Studio 2019"				>= 16.8.0 < 16.9.5 Search vendor "Microsoft" for product "Visual Studio 2019" and version " >= 16.8.0 < 16.9.5"		-		Affected
Microsoft Search vendor "Microsoft"		Visual Studio 2019 Search vendor "Microsoft" for product "Visual Studio 2019"				8.9 Search vendor "Microsoft" for product "Visual Studio 2019" and version "8.9"		macos		Affected
Fedoraproject Search vendor "Fedoraproject"		Fedora Search vendor "Fedoraproject" for product "Fedora"				32 Search vendor "Fedoraproject" for product "Fedora" and version "32"		-		Affected
Fedoraproject Search vendor "Fedoraproject"		Fedora Search vendor "Fedoraproject" for product "Fedora"				33 Search vendor "Fedoraproject" for product "Fedora" and version "33"		-		Affected
Fedoraproject Search vendor "Fedoraproject"		Fedora Search vendor "Fedoraproject" for product "Fedora"				34 Search vendor "Fedoraproject" for product "Fedora" and version "34"		-		Affected