Lucene search

[email protected]CVE-2018-0786

HistoryJan 10, 2018 - 1:29 a.m.

CVE-2018-0786

2018-01-1001:29:00

CWE-295

[email protected]

web.nvd.nist.gov

"cve-2018-0786

.net framework

security feature bypass

certificate validation

nvd"

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

6.2 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.0%

JSON

Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, .NET Core 1.0 and 2.0, and PowerShell Core 6.0.0 allow a security feature bypass vulnerability due to the way certificates are validated, aka “.NET Security Feature Bypass Vulnerability.”

Affected configurations

Vulners

NVD

Node

microsoft_corporation.net_framework\,_.net_core\,_and_powershell_core

CPENameOperatorVersion
microsoft:.net_coremicrosoft .net coreeq1.0
microsoft:.net_coremicrosoft .net coreeq2.0
microsoft:powershell_coremicrosoft powershell coreeq6.0

CPE	Name	Operator	Version
microsoft:.net_core	microsoft .net core	eq	1.0
microsoft:.net_core	microsoft .net core	eq	2.0
microsoft:powershell_core	microsoft powershell core	eq	6.0

CNA Affected

[
  {
    "product": ".NET Framework, .NET Core, and PowerShell Core",
    "vendor": "Microsoft Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, .NET Core 1.0 and 2.0, PowerShell Core 6.0.0"
      }
    ]
  }
]