Lucene search
HistoryDec 15, 2021 - 3:15 p.m.
CVE-2021-43877
cve-2021-43877
nvd
asp.net core
visual studio
elevation of privilege
vulnerability
4.6 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
8.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
7.6 High
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
9.6%
ASP.NET Core and Visual Studio Elevation of Privilege Vulnerability
Affected configurations
Node
microsoftmicrosoft_visual_studio_2019_16.7 (includes 16.0 – 16.6)Range16.0.0–16.7.23
ORmicrosoftmicrosoft_visual_studio_2019_16.9 (includes 16.0 - 16.8)Range15.0.0–16.9.15
ORmicrosoftmicrosoft_visual_studio_2019_16.11 (includes 16.0 - 16.10)Range16.11.0–16.11.8
ORmicrosoftmicrosoft_visual_studio_2022_17.0Range17.0.0–17.0.3
ORmicrosoftasp.net_core_3.1Range3.0–3.1.22
ORmicrosoftasp.net_core_5.0Range5.0–5.0.13
ORmicrosoftasp.net_core_6.0Range6.0–6.0.101
ORmicrosoftmicrosoft_visual_studio_2022_17.1Range17.0.0–17.1.4
| Vendor | Product | Version | CPE |
|---|---|---|---|
| microsoft | microsoft_visual_studio_2019_16.7 (includes 16.0 – 16.6) | * | cpe:2.3:a:microsoft:microsoft_visual_studio_2019_16.7 (includes 16.0 – 16.6):*:*:*:*:*:*:*:* |
| microsoft | microsoft_visual_studio_2019_16.9 (includes 16.0 - 16.8) | * | cpe:2.3:a:microsoft:microsoft_visual_studio_2019_16.9 (includes 16.0 - 16.8):*:*:*:*:*:*:*:* |
| microsoft | microsoft_visual_studio_2019_16.11 (includes 16.0 - 16.10) | * | cpe:2.3:a:microsoft:microsoft_visual_studio_2019_16.11 (includes 16.0 - 16.10):*:*:*:*:*:*:*:* |
| microsoft | microsoft_visual_studio_2022_17.0 | * | cpe:2.3:a:microsoft:microsoft_visual_studio_2022_17.0:*:*:*:*:*:*:*:* |
| microsoft | asp.net_core_3.1 | * | cpe:2.3:a:microsoft:asp.net_core_3.1:*:*:*:*:*:*:*:* |
| microsoft | asp.net_core_5.0 | * | cpe:2.3:a:microsoft:asp.net_core_5.0:*:*:*:*:*:*:*:* |
| microsoft | asp.net_core_6.0 | * | cpe:2.3:a:microsoft:asp.net_core_6.0:*:*:*:*:*:*:*:* |
| microsoft | microsoft_visual_studio_2022_17.1 | * | cpe:2.3:a:microsoft:microsoft_visual_studio_2022_17.1:*:*:*:*:*:*:*:* |
CNA Affected
[
{
"vendor": "Microsoft",
"product": "Microsoft Visual Studio 2019 version 16.7 (includes 16.0 – 16.6)",
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"versions": [
{
"version": "16.0.0",
"lessThan": "16.7.23",
"versionType": "custom",
"status": "affected"
}
]
},
{
"vendor": "Microsoft",
"product": "Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8)",
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2019:16.9:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"versions": [
{
"version": "15.0.0",
"lessThan": "16.9.15",
"versionType": "custom",
"status": "affected"
}
]
},
{
"vendor": "Microsoft",
"product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"versions": [
{
"version": "16.11.0",
"lessThan": "16.11.8",
"versionType": "custom",
"status": "affected"
}
]
},
{
"vendor": "Microsoft",
"product": "Microsoft Visual Studio 2022 version 17.0",
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2022:17.0:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"versions": [
{
"version": "17.0.0",
"lessThan": "17.0.3",
"versionType": "custom",
"status": "affected"
}
]
},
{
"vendor": "Microsoft",
"product": "ASP.NET Core 3.1",
"cpes": [
"cpe:2.3:a:microsoft:asp.net_core:3.1:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"versions": [
{
"version": "3.0",
"lessThan": "3.1.22",
"versionType": "custom",
"status": "affected"
}
]
},
{
"vendor": "Microsoft",
"product": "ASP.NET Core 5.0",
"cpes": [
"cpe:2.3:a:microsoft:asp.net_core:5.0:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"versions": [
{
"version": "5.0",
"lessThan": "5.0.13",
"versionType": "custom",
"status": "affected"
}
]
},
{
"vendor": "Microsoft",
"product": "ASP.NET Core 6.0",
"cpes": [
"cpe:2.3:a:microsoft:asp.net_core:6.0:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"versions": [
{
"version": "6.0",
"lessThan": "6.0.101",
"versionType": "custom",
"status": "affected"
}
]
},
{
"vendor": "Microsoft",
"product": "Microsoft Visual Studio 2022 version 17.1",
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2022:17.1:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"versions": [
{
"version": "17.0.0",
"lessThan": "17.1.4",
"versionType": "custom",
"status": "affected"
}
]
}
]Related
cvelist
cvelist
osv
osv
BIT-aspnet-core-2021-43877
2024-03-06 10:53:15
CVE-2021-43877
2021-12-15 15:15:10
nessus
nessus
Security Updates for Microsoft ASP.NET Core (December 2021)
2021-12-21 00:00:00
Security Updates for Microsoft Visual Studio Products (December 2021)
2021-12-20 00:00:00
Security Updates for Microsoft Visual Studio Products (April 2022)
2022-04-14 00:00:00
redhatcve
redhatcve
CVE-2021-43877
2021-12-14 19:08:25
mscve
mscve
ASP.NET Core and Visual Studio Elevation of Privilege Vulnerability
2021-12-14 08:00:00
prion
prion
Privilege escalation
2021-12-15 15:15:00
nvd
nvd
CVE-2021-43877
2021-12-15 15:15:10
altlinux
altlinux
kaspersky
kaspersky
KLA12385 Multiple vulnerabilities in Microsoft Developer Tools
2021-12-14 00:00:00
rapid7blog
rapid7blog
Patch Tuesday - December 2021
2021-12-14 22:12:53
4.6 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
8.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
7.6 High
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
9.6%
Related for CVE-2021-43877