🟡 CVE-2024-29059

CVE-2024-29059 is an information disclosure vulnerability in .NET Framework that can expose sensitive information through error messages. While CISA has added it to the KEV catalog indicating active exploitation, the vulnerability is limited to information disclosure rather than remote code execution.

← Back to Overview
MEDIUM_RISK
Risk Level
7.5
CVSS Score
NETWORK
Attack Vector
Initial Access
ATT&CK Tactic
T1190 — Exploit Public-Facing Application
ATT&CK Technique
MEDIUM
Deployment Risk
No
Ransomware

📋 Vulnerability Details

Data Source: CIRCL

Confidence: MEDIUM

Exploitation Method: DIRECT_NETWORK

CVE Published: 2024-03-22

Added to CISA KEV: 2025-02-04 319 DAYS BETWEEN CVE AND KEV

🎯 Recommendations:

🔍 Web Intelligence (Kagi · 2026-06-04)

CVE-2024-29059 is an information disclosure vulnerability affecting the Microsoft .NET Framework [3]. It has been identified by CISA as a Known Exploited Vulnerability (KEV), indicating that it has been actively exploited in the wild [3].

Vulnerability Overview
  • Nature of Vulnerability: Information Disclosure. The vulnerability involves the exposure of an `ObjRef` URI, which can be leveraged through .NET Remoting [2] [4].
  • Impact: Successful exploitation allows an attacker to access remote objects, potentially leading to unauthorized access to application data [2]. Some sources indicate that this could ultimately enable remote code execution (RCE) in certain scenarios [4].
  • CVSS Score: The vulnerability has a CVSS v3 base score of 7.5 (High) [1].
Exploitation and Threat Landscape
  • Active Exploitation: The vulnerability is included in CISA's Known Exploited Vulnerabilities Catalog, confirming its use in real-world attacks [3].
  • Exploit Availability: Publicly disclosed information and detection templates (such as those for the Nuclei engine) exist to identify vulnerable systems [2] [4].
  • Targeting: While specific details on ransomware campaigns or specific threat actor attribution are not always publicly detailed in standard CVE records, its inclusion in the CISA KEV catalog highlights it as a significant threat that organizations must prioritize.
Mitigation and Patching
  • Patch Status: Microsoft has released security updates to address this vulnerability. Organizations are strongly advised to apply the latest security patches provided by Microsoft for the affected .NET Framework versions [1].
  • Monitoring: As a supplementary measure, administrators should monitor and review error messages and logs to detect potential attempts to disclose sensitive information [1].
For the most accurate and up-to-date list of affected versions and specific patch instructions, you should consult the official [Microsoft Security Update Guide](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29059).

Sources

  1. CVE-2024-29059 - Exploits & Severity - Feedly

    Impact. If exploited, this vulnerability could lead to the disclosure of confidential information. The CVSS v3 base score is 7.5 (High), ... The following corrections have been made in the Security Updates table: 1) Removed .NET Framework 3.5 and 4.7.2 on Windows 10 version 1809 for ARM-based system…

  2. CVE-2024-29059.yaml - projectdiscovery/nuclei-templates - GitHub

    Attackers can exploit leaked ObjRefs to access remote objects via .NET Remoting, potentially gaining unauthorized access to application data. remediation: |. ... Community curated list of templates for the nuclei engine to find security vulnerabilities. - projectdiscovery/nuclei-templates.Attackers…

  3. CVE-2024-29059 Detail - NVD

    This CVE is in CISA's Known Exploited Vulnerabilities Catalog ; Microsoft .NET Framework Information Disclosure Vulnerability, 02/04/2025, 02/25/2025 ... CVE, Microsoft Corporation. Vendor Advisory. https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-29059.Reference CISA'…

  4. CVE-2024-29059 - Microsoft .NET Framework Information... | VulnWire

    Microsoft .NET Framework contains an information disclosure vulnerability that exposes the ObjRef URI to an attacker, ultimately enabling remote code execution.Exploitability. Medium - Publicly disclosed. Impact. Complete system compromise possible. Additional Notes. https://msrc.microsoft.com/updat…

Generated by PatchNow Intelligence System

Analysis based on CIRCL.LU data, Claude AI assessment, and MITRE ATT&CK framework

📄 Download JSON Data | 📡 RSS Feed