Multiple vulnerabilities in Microsoft ASP.NET Core
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 5 |
| CVE-ID | CVE-2018-0784 CVE-2018-0785 CVE-2018-0789 CVE-2018-0786 CVE-2018-0764 |
| CWE-ID | CWE-20 CWE-352 CWE-79 CWE-611 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
ASP.NET Core MVC Universal components / Libraries / Software for developers Microsoft SharePoint Server Server applications / Application servers |
| Vendor | Microsoft |
Security Bulletin
This security bulletin contains information about 5 vulnerabilities.
1) Privilege escalation
EUVDB-ID: #VU9895
Risk: Low
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-0784
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote attacker to gain elevated privileges on the target system.
The weakness exists due to an error when a ASP.NET Core web application, created using vulnerable project templates, improperly sanitize web requests. A remote attacker can trick the victim into clicking a specially crafted link, perform content injection attacks and run script in the security context of the logged-on user.
MitigationInstall update from vendor's website.
ASP.NET Core MVC: 2.0
CPE2.3 External linkshttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0784
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Cross-site request forgery
EUVDB-ID: #VU9897
Risk: Low
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-0785
CWE-ID:
CWE-352 - Cross-Site Request Forgery (CSRF)
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform CSRF attack.
The weakness exists due to an error when a ASP.NET Core web application is created using vulnerable project templates. A remote attacker can create a specially crafted HTML page or URL, trick the victim into visiting it, gain access to the system and change the recovery codes associated with the victim's user account without his/her consent.
Install update from vendor's website.
ASP.NET Core MVC: 2.0
CPE2.3 External linkshttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0785
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Cross-site scripting
EUVDB-ID: #VU9898
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-0789
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionVulnerability allows a remote authenticated attacker to perform XSS attacks.
The vulnerability is caused by an input validation error of a specially crafted web request to an affected SharePoint server. A remote attacker can trick the victim to follow a specially specially crafted link and execute arbitrary HTML and script code in victim's browser in security context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
MitigationInstall update from vendor's website.
Microsoft SharePoint Server: 2010 - 2016
CPE2.3- cpe:2.3:a:microsoft:microsoft_sharepoint_server:2010:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:microsoft_sharepoint_server:2013:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:microsoft_sharepoint_server:2016:*:*:*:*:*:*:*
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0789
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Security restrictions bypass
EUVDB-ID: #VU9899
Risk: Low
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-0786
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass security restrictions on the target system.
The weakness exists due to improper validation of certificates by Microsoft .NET Framework (and .NET Core) components. A remote attacker can supply an invalid certificate and disregard the Enhanced Key Usage taggings.
Install update from vendor's website.
Vulnerable software versionsASP.NET Core MVC: 1.0.0 - 2.0
CPE2.3- cpe:2.3:a:microsoft:aspnet_core_mvc:1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:aspnet_core_mvc:2.0:*:*:*:*:*:*:*
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0786
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Improper Restriction of XML External Entity Reference
EUVDB-ID: #VU9900
Risk: Low
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-0764
CWE-ID:
CWE-611 - Improper Restriction of XML External Entity Reference ('XXE')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system.
The weakness exists due to improper processing of XML documents by .NET, and .NET core. A remote attacker can issue specially crafted requests to a .NET(or .NET core) application and cause the application to crash.
Install update from vendor's website.
Vulnerable software versionsASP.NET Core MVC: 1.0.0 - 2.0
CPE2.3- cpe:2.3:a:microsoft:aspnet_core_mvc:1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:aspnet_core_mvc:1.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:aspnet_core_mvc:2.0:*:*:*:*:*:*:*
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0764
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
