FortiNDRCloud
SaaS based NDR solution providing 365 days data retention, along with Technical Success Manager
kcheung
Staff
Article Id 387200
Description

FortiGuard Labs has observed active exploitation of CVE-2024-29059 in Microsoft .NET Framework.

CVE-2024-29059 is an information disclosure vulnerability in Microsoft .NET Framework that exposes the ObjRef URI to an attacker, which could lead to remote code execution.

CVE ID

CVE-2024-29059 (https://nvd.nist.gov/vuln/detail/CVE-2024-29059)

NDR Cloud Detection Rule

FortiNDR Cloud v25.1.e+

Detection Rule Name: FortiGuard Outbreak Alert: .NET Framework Information Disclosure Vulnerability - CVE-2024-29059

Category: Attack: Exploitation

Primary MITRE ID: T1190 - Exploit Public-Facing Application

Playbook 

N/A

Threat Hunting

FortiNDR Cloud users can use the following IOCs from Fortinet to hunt for activity related to “Microsoft .NET Framework Information Disclosure”.

IOC source:

https://www.fortiguard.com/outbreak-ioc?tag=microsoft%20net%20framework%20information%20disclosure


All IOCs listed above have been added to Threat Intelligence Intel.

Suricata Coverage

Customers can create custom investigation/detections using the Suricata signatures below:

2056203 -> ET MALWARE Magnet Goblin Linux Nerbian RAT Trigger Sequence from CnC Server

2056204 -> ET EXPLOIT .NET Remoting SoapServerFormatterSink ObjRef Leak (CVE-2024-29059)
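
One way to triage hits on the two signature IDs above when the alerts are also available as Suricata EVE JSON lines. This is an added example, not Fortinet code: the EVE export, the function name and the sample events (documentation-range addresses) are assumptions constructed for illustration.

```python
import json
from collections import defaultdict

# Signature IDs listed in this article's Suricata Coverage section.
WATCHED_SIDS = {2056203, 2056204}

# Constructed sample EVE JSON lines (not real telemetry); the last one is truncated on purpose.
SAMPLE_EVE = """\
{"timestamp":"2025-04-01T10:00:05.000000+0000","event_type":"alert","src_ip":"198.51.100.7","dest_ip":"192.0.2.10","alert":{"signature_id":2056204,"signature":"ET EXPLOIT .NET Remoting SoapServerFormatterSink ObjRef Leak (CVE-2024-29059)"}}
{"timestamp":"2025-04-01T10:02:41.000000+0000","event_type":"alert","src_ip":"198.51.100.7","dest_ip":"192.0.2.10","alert":{"signature_id":2056204,"signature":"ET EXPLOIT .NET Remoting SoapServerFormatterSink ObjRef Leak (CVE-2024-29059)"}}
{"timestamp":"2025-04-01T10:03:00.000000+0000","event_type":"alert","src_ip":"203.0.113.9","dest_ip":"192.0.2.20","alert":{"signature_id":2056203,"signature":"ET MALWARE Magnet Goblin Linux Nerbian RAT Trigger Sequence from CnC Server"}}
{"timestamp":"2025-04-01T10:04:00.000000+0000","event_type":"alert","src_ip":"203.0.113.50","dest_ip":"192.0.2.10","alert":{"signature_id":9000001,"signature":"constructed unrelated rule"}}
{"timestamp":"2025-04-01T10:04:30.000000+0000","event_type":"http","src_ip":"198.51.100.7","dest_ip":"192.0.2.10"}
{"timestamp":"2025-04-01T10:05:00.000000+0000","event_type":"al
"""

def summarize_alerts(lines, sids=WATCHED_SIDS):
    """Group watched alerts by (sid, src_ip, dest_ip); return (summary, skipped_lines)."""
    summary = defaultdict(lambda: {"count": 0, "first": None, "last": None})
    skipped = 0
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            skipped += 1  # truncated line, e.g. log rotated mid-write
            continue
        if not isinstance(event, dict) or event.get("event_type") != "alert":
            continue
        alert = event.get("alert")
        sid = alert.get("signature_id") if isinstance(alert, dict) else None
        if not isinstance(sid, int) or sid not in sids:
            continue
        entry = summary[(sid, event.get("src_ip"), event.get("dest_ip"))]
        ts = event.get("timestamp", "")
        entry["count"] += 1
        # String comparison is enough while all timestamps share one UTC offset.
        entry["first"] = ts if entry["first"] is None else min(entry["first"], ts)
        entry["last"] = ts if entry["last"] is None else max(entry["last"], ts)
    return dict(summary), skipped

if __name__ == "__main__":
    hits, bad = summarize_alerts(SAMPLE_EVE.splitlines())
    for (sid, src, dst), e in sorted(hits.items()):
        print(f"sid={sid} {src} -> {dst} count={e['count']} first={e['first']} last={e['last']}")
    print(f"unparseable lines skipped: {bad}")
```

The summary is keyed on the alert's source and destination as logged, so check the rule's direction before deciding which side is the .NET host.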

Other Fortinet Products

For more details regarding mitigating the vulnerability by utilizing Fortinet products, please refer to:
https://www.fortiguard.com/outbreak-alert/microsoft-net-framework-information-disclosure
