6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
0.868 High
EPSS
Percentile
98.6%
The Microsoft .NET Core SDK installation on the remote host is version 2.1.x < 2.1.516 / 2.1.613 / 2.1.808, or 3.1.x < 3.1.106 / 3.1.302. It is, therefore, affected by a remote code execution vulnerability. It is, therefore, affected by a remote code execution (RCE) vulnerability due to failing to check the source markup of XML file input. An unauthenticated, remote attacker can exploit this, by issuing specially crafted requests to applications that process certain types of XML, to execute arbitrary code in the context of the current user.
#
# (C) Tenable Network Security, Inc.
#
include('compat.inc');
if (description)
{
script_id(138466);
script_version("1.13");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/04/25");
script_cve_id("CVE-2020-1147");
script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2022/05/03");
script_name(english:"Security Update for .NET Core SDK (July 2020)");
script_set_attribute(attribute:"synopsis", value:
"The remote Windows host is affected by a .NET Core SDK remote code execution (RCE) vulnerability.");
script_set_attribute(attribute:"description", value:
"The Microsoft .NET Core SDK installation on the remote host is version 2.1.x < 2.1.516 / 2.1.613 / 2.1.808, or
3.1.x < 3.1.106 / 3.1.302. It is, therefore, affected by a remote code execution vulnerability. It is, therefore,
affected by a remote code execution (RCE) vulnerability due to failing to check the source markup of XML file input. An
unauthenticated, remote attacker can exploit this, by issuing specially crafted requests to applications that process
certain types of XML, to execute arbitrary code in the context of the current user.");
script_set_attribute(attribute:"see_also", value:"https://dotnet.microsoft.com/download/dotnet-core/3.1");
# https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1147
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?43ad1c2a");
script_set_attribute(attribute:"see_also", value:"https://github.com/dotnet/announcements/issues/159");
script_set_attribute(attribute:"solution", value:
"Refer to vendor documentation.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-1147");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploit_framework_core", value:"true");
script_set_attribute(attribute:"metasploit_name", value:'SharePoint DataSet / DataTable Deserialization');
script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2020/07/14");
script_set_attribute(attribute:"patch_publication_date", value:"2020/07/14");
script_set_attribute(attribute:"plugin_publication_date", value:"2020/07/14");
script_set_attribute(attribute:"potential_vulnerability", value:"true");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:.net_core");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Windows");
script_copyright(english:"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("microsoft_dotnet_core_sdk_win.nbin");
script_require_keys("installed_sw/.NET Core SDK Windows", "Settings/ParanoidReport");
exit(0);
}
include('vcf.inc');
if (report_paranoia < 2) audit(AUDIT_PARANOID);
app = '.NET Core SDK Windows';
app_info = vcf::get_app_info(app:app, win_local:TRUE);
constraints = [
{ 'min_version' : '2.1', 'fixed_version' : '2.1.516' },
{ 'min_version' : '2.1.600', 'fixed_version' : '2.1.613' },
{ 'min_version' : '2.1.800', 'fixed_version' : '2.1.808' },
{ 'min_version' : '3.1', 'fixed_version' : '3.1.106' },
{ 'min_version' : '3.1.200', 'fixed_version' : '3.1.302' }
];
vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
0.868 High
EPSS
Percentile
98.6%