#VU11028 Privilege escalation in ASP.NET Core MVC - CVE-2018-0787

Cybersecurity Help s.r.o.

Published: 2018-03-13

Vulnerability identifier: #VU11028

Vulnerability risk: Low

CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2018-0787

CWE-ID: CWE-20

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
ASP.NET Core MVC
Universal components / Libraries / Software for developers

Vendor: Microsoft

Description
The vulnerability allows a remote attacker to gain elevated privileges on the target system.

The weakness exists due to improper validation of web requests by a Kestrel web application. A remote attacker can send a specially crafted request, containing injected HTML, initiate a "password reset" email to the target user, trigger as soon as the target user opens the "password reset" e-mail and gain system privileges.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

ASP.NET Core MVC: 2.0

External links
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0787

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Microsoft ASP.NET Core