Vulnerability CVE-2018-8356


Published: 2018-07-10   Modified: 2018-07-11

Description:
A security feature bypass vulnerability exists when Microsoft .NET Framework components do not correctly validate certificates, aka ".NET Framework Security Feature Bypass Vulnerability." This affects .NET Framework 4.7.2, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, ASP.NET Core 1.1, Microsoft .NET Framework 4.5.2, ASP.NET Core 2.0, ASP.NET Core 1.0, .NET Core 1.1, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, .NET Core 1.0, .NET Core 2.0, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.2.

Type:

CWE-295

(Certificate Issues)

CVSS2 => (AV:L/AC:L/Au:N/C:N/I:P/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
2.1/10
2.9/10
3.9/10
Exploit range
Attack complexity
Authentication
Local
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
Partial
None
Affected software
Microsoft -> .net core 
Microsoft -> .net framework 
Microsoft -> .net framework developer pack 
Microsoft -> Asp.net core 
Microsoft -> Powershell core 

 References:
http://www.securityfocus.com/bid/104664
http://www.securitytracker.com/id/1041257
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8356

Copyright 2020, cxsecurity.com

 

Back to Top