CVE-2018-8356

MSR

Medium

A security feature bypass vulnerability exists when Microsoft .NET Framework components do not correctly validate certificates, aka ".NET F…

CVSS

6.5

Medium

EPSS

0.01

p47

Published

2018-01-01

Updated

2018-01-01

Description

A security feature bypass vulnerability exists when Microsoft .NET Framework components do not correctly validate certificates, aka ".NET Framework Security Feature Bypass Vulnerability." This affects .NET Framework 4.7.2, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, ASP.NET Core 1.1, Microsoft .NET Framework 4.5.2, ASP.NET Core 2.0, ASP.NET Core 1.0, .NET Core 1.1, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, .NET Core 1.0, .NET Core 2.0, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.2.

Tags · CWE

Pre-auth

CWE-295

CAPEC-459

CAPEC-475

Affected products

.net_core

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Timeline

2018-01-01

Published

2018-01-01

Updated

CVSS 3.1 breakdown

Attack Vector

AV: N

Network (N)

Attack Complexity

AC: L

Low (L)

Privileges Required

PR: N

None (N)

User Interaction

UI: N

None (N)

Scope

S: U

Unchanged (U)

Confidentiality Impact

C: L

Low (L)

Integrity Impact

I: L

Low (L)

Availability Impact

A: N

None (N)

Exploit indicators

EPSS

0.007 · p47

Known exploited (KEV)

Known exploits — Сканер-ВС

No Сканер-ВС checks registered for this vulnerability yet.

Affected products

Microsoft

Windows Windows Server 2016 Windows Server 2012 Windows 10 Windows Server 2008 Windows 8.1 Windows Rt 8.1 Windows 7 Windows Server .net Framework+4

Product	Vendor	Status
.net_core	*	Tracked
.net_framework	*	Tracked
.net_framework	*	Tracked
.net_framework	*	Tracked
.net_framework	*	Tracked
.net_framework	*	Tracked
.net_framework	*	Tracked
.net_framework	*	Tracked
.net_framework	*	Tracked
.net_framework	*	Tracked
.net_framework_developer_pack	*	Tracked
asp.net_core	*	Tracked
powershell_core	*	Tracked
Windows	Microsoft	Tracked
Windows	Microsoft	Tracked
Windows	Microsoft	Tracked
Windows	Microsoft	Tracked
Windows	Microsoft	Tracked
Windows	Microsoft	Tracked
Windows	Microsoft	Tracked

Showing first 20 of 115

Source databases

MSR

CVE