CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:L/AC:L/Au:N/C:N/I:P/A:N
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
EPSS
Percentile
59.3%
The Microsoft ASP.NET Core installations on the remote host are missing a security update. It is, therefore, affected by the following vulnerability :
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from the Microsoft Security Updates API. The text
# itself is copyright (C) Microsoft Corporation.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(111071);
script_version("1.8");
script_set_attribute(attribute:"plugin_modification_date", value:"2022/04/11");
script_cve_id("CVE-2018-8356");
script_bugtraq_id(104664);
script_xref(name:"MSKB", value:"4339279");
script_xref(name:"MSFT", value:"MS18-4339279");
script_name(english:"Security Updates for Microsoft .NET core and ASP.NET (DoS) (July 2018)");
script_set_attribute(attribute:"synopsis", value:
"The Microsoft ASP.NET Core installations on the remote host contain vulnerable packages.");
script_set_attribute(attribute:"description", value:
"The Microsoft ASP.NET Core installations on the remote
host are missing a security update. It is, therefore,
affected by the following vulnerability :
- A security feature bypass vulnerability exists when Microsoft
.NET Framework components do not correctly validate certificates.
An attacker could present expired certificates when challenged. The
security update addresses the vulnerability by ensuring that .NET
Framework components correctly validate certificates. (CVE-2018-8356)");
# https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2018-8356
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?3e10f501");
script_set_attribute(attribute:"see_also", value:"https://github.com/aspnet/Announcements/issues/311");
script_set_attribute(attribute:"solution", value:
"Update ASP.NET Core, remove vulnerable packages and refer to vendor advisory.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:N");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-8356");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"vuln_publication_date", value:"2018/07/10");
script_set_attribute(attribute:"patch_publication_date", value:"2018/07/10");
script_set_attribute(attribute:"plugin_publication_date", value:"2018/07/13");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:asp.net_core");
script_set_attribute(attribute:"thorough_tests", value:"true");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Windows : Microsoft Bulletins");
script_copyright(english:"This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("microsoft_asp_dotnet_core_win.nbin", "ms_bulletin_checks_possible.nasl");
script_require_keys("installed_sw/ASP .NET Core Windows", "SMB/MS_Bulletin_Checks/Possible");
script_require_ports(139, 445, "Host/patch_management_checks");
exit(0);
}
include("global_settings.inc");
include("audit.inc");
include("install_func.inc");
include("misc_func.inc");
include("smb_func.inc");
include("vcf.inc");
get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible");
appname = 'ASP .NET Core Windows';
package_dat = {
'Microsoft.AspNetCore.All':{
'constraints':[
{ "min_version" : "2.0.0", "fixed_version" : "2.0.13103.0" }, # 2.0.9
{ "min_version" : "2.1.0", "fixed_version" : "2.1.2" }
],
'instances':make_list()
},
'Microsoft.AspNetCore.App':{
'constraints':[
{ "min_version" : "2.1.0", "fixed_version" : "2.1.2" }
],
'instances':make_list()
},
'Microsoft.AspNetCore.Server.Kestrel.Core':{
'constraints':[
{ "min_version" : "2.0.0", "fixed_version" : "2.0.4" },
{ "min_version" : "2.1.0", "fixed_version" : "2.1.2" }
],
'instances':make_list()
}
};
port = kb_smb_transport();
# Only need one install - packages for all installs will be enumerated
install = get_single_install(app_name:appname);
version = install['version'];
path = install['path'];
# Parse extras
foreach package (keys(package_dat))
{
foreach instance (split(install[package], sep:';', keep:false))
{
next = max_index(package_dat[package]['instances']);
package_dat[package]['instances'][next] = split(instance, sep:'?', keep:false);
}
}
report =
'\n Path : ' + path +
'\n Installed version : ' + version +
'\n';
vuln = false;
foreach package (keys(package_dat))
{
foreach instance (package_dat[package]['instances'])
{
out = vcf::check_version(
version:vcf::parse_version(instance[0]),
constraints:package_dat[package]['constraints']
);
if (!vcf::is_error(out) && !isnull(out))
{
fixed_version = out['fixed_version'];
if (fixed_version == "2.0.13103.0")
fixed_version = "2.0.9 (2.0.13103.0)";
vuln = true;
report +=
'\n Package : ' + package +
'\n Path : ' + instance[1] +
'\n Installed version : ' + instance[0] +
'\n Fixed version : ' + fixed_version +
'\n';
}
}
}
if (vuln)
security_report_v4(port:port, severity:SECURITY_NOTE, extra:report);
else
audit(AUDIT_INST_VER_NOT_VULN, appname);
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:L/AC:L/Au:N/C:N/I:P/A:N
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
EPSS
Percentile
59.3%