CVE-2023-35391 Overview
CVE-2023-35391 is an Information Disclosure vulnerability affecting ASP.NET Core SignalR and Visual Studio. This vulnerability allows unauthenticated remote attackers to access sensitive information through network-based attacks without requiring user interaction.
Critical Impact
Attackers can remotely access sensitive information from affected systems, potentially leading to further compromise of confidentiality. The network-based attack vector with no authentication requirements increases the exploitability of this vulnerability.
Affected Products
- Microsoft .NET
- Microsoft ASP.NET Core
- Microsoft Visual Studio 2022
Discovery Timeline
- 2023-08-08 - CVE-2023-35391 published to NVD
- 2024-11-21 - Last updated in NVD database
Technical Details for CVE-2023-35391
Vulnerability Analysis
This vulnerability exists within ASP.NET Core SignalR, a library that enables real-time web functionality allowing server-side code to send asynchronous notifications to client-side web applications. The flaw allows unauthorized information disclosure, enabling remote attackers to obtain sensitive data from vulnerable applications without authentication.
The vulnerability can be exploited remotely over the network with low attack complexity. No privileges are required for exploitation, and no user interaction is needed, making it particularly concerning for internet-facing applications utilizing SignalR for real-time communications.
Root Cause
The root cause involves improper handling of data within ASP.NET Core SignalR components, leading to information exposure. Sensitive information that should be protected becomes accessible to unauthorized parties through network requests to affected SignalR endpoints.
Attack Vector
The attack vector is network-based, allowing remote exploitation without authentication. An attacker can send crafted requests to SignalR endpoints on vulnerable .NET applications to extract sensitive information. The low complexity of the attack means no specialized conditions or circumstances are required for successful exploitation.
The vulnerability specifically impacts confidentiality with no direct effect on system integrity or availability. Attackers could leverage disclosed information to facilitate further attacks or access protected resources.
Detection Methods for CVE-2023-35391
Indicators of Compromise
- Unusual network requests to SignalR endpoints from unknown or suspicious IP addresses
- Abnormal patterns in SignalR hub connections or message traffic
- Evidence of unauthorized data access in application logs
- Unexpected outbound data transfers from .NET applications
Detection Strategies
- Monitor SignalR endpoint traffic for anomalous request patterns or volumes
- Implement network-level monitoring to detect unusual connections to ASP.NET Core applications
- Review application logs for unexpected access to SignalR hubs or data retrieval attempts
- Deploy intrusion detection systems with signatures for known exploitation patterns
Monitoring Recommendations
- Enable detailed logging for ASP.NET Core applications and SignalR components
- Configure alerts for unusual authentication failures or access patterns
- Monitor for reconnaissance activity targeting .NET application infrastructure
- Implement real-time monitoring of network traffic to affected applications
How to Mitigate CVE-2023-35391
Immediate Actions Required
- Apply Microsoft security updates for affected .NET, ASP.NET Core, and Visual Studio 2022 installations immediately
- Review network exposure of SignalR endpoints and restrict access where possible
- Implement network segmentation to limit access to vulnerable applications
- Monitor affected systems for signs of exploitation until patches are applied
Patch Information
Microsoft has released security updates to address this vulnerability. Organizations should consult the Microsoft Security Update Guide for detailed patch information and download links for affected products.
Apply the following updates based on your environment:
- Update Microsoft .NET to the latest patched version
- Update ASP.NET Core to the latest patched version
- Update Visual Studio 2022 through the Visual Studio Installer
Workarounds
- Restrict network access to SignalR endpoints using firewall rules or network ACLs
- Implement additional authentication layers for SignalR connections where possible
- Consider temporarily disabling SignalR functionality in non-critical applications until patches can be applied
- Deploy web application firewall (WAF) rules to monitor and filter suspicious SignalR traffic
# Example: Verify installed .NET SDK versions
dotnet --list-sdks
# Example: Update .NET SDK to latest patched version
# Windows (using winget)
winget upgrade Microsoft.DotNet.SDK.7
# Verify ASP.NET Core runtime version
dotnet --list-runtimes
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
