Security Feature Bypass in Microsoft .NET Framework Affecting Multiple Versions
CVE-2018-8356

5.5MEDIUM

Key Information:

Vendor
Microsoft
Status
Microsoft .net Framework
.net Core
Asp.net Core
.net Framework
Vendor
CVE Published:
11 July 2018

Summary

A security feature bypass vulnerability exists in Microsoft .NET Framework components due to inadequate validation of certificates. This issue allows attackers to exploit the affected versions of .NET Framework and ASP.NET Core, leading to potential unauthorized access or compromised integrity of applications relying on these frameworks. Users of .NET Framework versions 3.0, 4.5.2, 4.6 through 4.7.2, and various versions of ASP.NET and .NET Core should take appropriate measures to mitigate the risk associated with this vulnerability.

Affected Version(s)

.NET Core 1.0

.NET Core 1.1

.NET Core 2.0

References

https://portal.msrc.microsoft.com/en-US/security-guidance...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/104664
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1041257
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.