Lucene search

[email protected]NVD:CVE-2018-8284

HistoryJul 11, 2018 - 12:29 a.m.

CVE-2018-8284

2018-07-1100:29:01

CWE-94

[email protected]

web.nvd.nist.gov

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

0.191 Low

EPSS

Percentile

96.3%

JSON

A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka “.NET Framework Remote Code Injection Vulnerability.” This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.2.

Affected configurations

NVD

Node

microsoft.net_frameworkMatch2.0sp2

microsoft.net_frameworkMatch3.0sp2

AND

microsoftwindows_server_2008Match-sp2

Node

microsoft.net_frameworkMatch3.5

AND

microsoftwindows_10Match-

microsoftwindows_10Match1607

microsoftwindows_10Match1703

microsoftwindows_10Match1709

microsoftwindows_10Match1803

microsoftwindows_8.1

microsoftwindows_server_2012

microsoftwindows_server_2012Matchr2

microsoftwindows_server_2016

Node

microsoft.net_frameworkMatch3.5.1

AND

microsoftwindows_7Match-sp1

microsoftwindows_server_2008Matchr2sp1

Node

microsoft.net_frameworkMatch4.5.2

AND

microsoftwindows_7Match-sp1

microsoftwindows_8.1

microsoftwindows_rt_8.1Match-

microsoftwindows_server_2008sp2

microsoftwindows_server_2008Matchr2sp1

microsoftwindows_server_2012

microsoftwindows_server_2012Matchr2

Node

microsoft.net_frameworkMatch4.6

AND

microsoftwindows_server_2008sp2

Node

microsoft.net_frameworkMatch4.6.2

microsoft.net_frameworkMatch4.7

microsoft.net_frameworkMatch4.7.1

microsoft.net_frameworkMatch4.7.2

AND

microsoftwindows_10Match1607

microsoftwindows_server_2016Match-

Node

microsoft.net_frameworkMatch4.6

microsoft.net_frameworkMatch4.6.1

microsoft.net_frameworkMatch4.6.2

AND

microsoftwindows_10Match-

Node

microsoft.net_frameworkMatch4.6

microsoft.net_frameworkMatch4.6.1

microsoft.net_frameworkMatch4.6.2

microsoft.net_frameworkMatch4.7

microsoft.net_frameworkMatch4.7.1

microsoft.net_frameworkMatch4.7.2

AND

microsoftwindows_7Match-sp1

microsoftwindows_8.1

microsoftwindows_rt_8.1Match-

microsoftwindows_server_2008Matchr2sp1

microsoftwindows_server_2012

microsoftwindows_server_2012Matchr2

Node

microsoft.net_frameworkMatch4.7.1

microsoft.net_frameworkMatch4.7.2

AND

microsoftwindows_10Match1709

microsoftwindows_serverMatch1709

Node

microsoft.net_frameworkMatch4.7.2

AND

microsoftwindows_10Match1803

microsoftwindows_serverMatch1803

Node

microsoft.net_frameworkMatch4.7

microsoft.net_frameworkMatch4.7.1

microsoft.net_frameworkMatch4.7.2

AND

microsoftwindows_10Match1703

Node

microsoftproject_serverMatch2010sp2

microsoftproject_serverMatch2013sp1

Node

microsoftsharepoint_enterprise_serverMatch2013sp1

microsoftsharepoint_enterprise_serverMatch2016

Node

microsoftsharepoint_foundationMatch2010sp2

microsoftsharepoint_foundationMatch2013sp1

Node

microsoftsharepoint_serverMatch2010sp2

microsoftsharepoint_serverMatch2013sp1

References

www.securityfocus.com/bid/104667

www.securitytracker.com/id/1041257

portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8284

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

0.191 Low

EPSS

Percentile

96.3%

JSON

Related for NVD:CVE-2018-8284

mscve1 prion1 symantec1 cve1 cvelist1 mskb38 openvas11 nessus9 kaspersky2 trendmicroblog1 talosblog1