Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2018-0786 (GCVE-0-2018-0786)
Vulnerability from cvelistv5 – Published: 2018-01-10 01:00 – Updated: 2024-09-16 23:25
VLAI?
EPSS
Summary
Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, .NET Core 1.0 and 2.0, and PowerShell Core 6.0.0 allow a security feature bypass vulnerability due to the way certificates are validated, aka ".NET Security Feature Bypass Vulnerability."
Severity ?
No CVSS data available.
CWE
- Security Feature Bypass
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microsoft Corporation | .NET Framework, .NET Core, and PowerShell Core |
Affected:
Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, .NET Core 1.0 and 2.0, PowerShell Core 6.0.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:35:49.325Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0786"
},
{
"name": "102380",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102380"
},
{
"name": "1040152",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040152"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": ".NET Framework, .NET Core, and PowerShell Core",
"vendor": "Microsoft Corporation",
"versions": [
{
"status": "affected",
"version": "Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, .NET Core 1.0 and 2.0, PowerShell Core 6.0.0"
}
]
}
],
"datePublic": "2018-01-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, .NET Core 1.0 and 2.0, and PowerShell Core 6.0.0 allow a security feature bypass vulnerability due to the way certificates are validated, aka \".NET Security Feature Bypass Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Security Feature Bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-27T17:57:01.000Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0786"
},
{
"name": "102380",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102380"
},
{
"name": "1040152",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040152"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC": "2018-01-09T00:00:00",
"ID": "CVE-2018-0786",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": ".NET Framework, .NET Core, and PowerShell Core",
"version": {
"version_data": [
{
"version_value": "Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, .NET Core 1.0 and 2.0, PowerShell Core 6.0.0"
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, .NET Core 1.0 and 2.0, and PowerShell Core 6.0.0 allow a security feature bypass vulnerability due to the way certificates are validated, aka \".NET Security Feature Bypass Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Security Feature Bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0786",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0786"
},
{
"name": "102380",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102380"
},
{
"name": "1040152",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040152"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2018-0786",
"datePublished": "2018-01-10T01:00:00.000Z",
"dateReserved": "2017-12-01T00:00:00.000Z",
"dateUpdated": "2024-09-16T23:25:38.607Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CNVD-2018-00897
Vulnerability from cnvd - Published: 2018-01-15
VLAI Severity ?
Title
Microsoft .NET Framework和.NET Core安全绕过漏洞
Description
Microsoft .NET Framework和.NET Core都是美国微软(Microsoft)公司的产品。Microsoft .NET Framework是一种全面且一致的编程模型,也是一个用于构建Windows、Windows Store、Windows Phone、Windows Server和Microsoft Azure的应用程序的开发平台。.NET Core是一套免费的开源开发平台。该平台具有多语言支持和跨平台等特点。
Microsoft .NET Framework和.NET Core中存在安全绕过漏洞,该漏洞源于程序未能充分的验证证书。攻击者可借助无效的证书利用该漏洞绕过安全限制,执行未授权的操作。
Severity
中
Patch Name
Microsoft .NET Framework和.NET Core安全绕过漏洞的补丁
Patch Description
Microsoft .NET Framework和.NET Core都是美国微软(Microsoft)公司的产品。Microsoft .NET Framework是一种全面且一致的编程模型,也是一个用于构建Windows、Windows Store、Windows Phone、Windows Server和Microsoft Azure的应用程序的开发平台。.NET Core是一套免费的开源开发平台。该平台具有多语言支持和跨平台等特点。
Microsoft .NET Framework和.NET Core中存在安全绕过漏洞,该漏洞源于程序未能充分的验证证书。攻击者可借助无效的证书利用该漏洞绕过安全限制,执行未授权的操作。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
目前厂商已发布升级补丁以修复漏洞,补丁获取链接: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0786
Reference
https://www.securityfocus.com/bid/102380
Impacted products
| Name | ['Microsoft .NET Framework 4.5', 'Microsoft .NET Framework 4', 'Microsoft .NET Framework 3.5.1', 'Microsoft .Net Framework 3.5', 'Microsoft .Net Framework 3.0', 'Microsoft .Net Framework 2.0', 'Microsoft .Net Framework 1.1', 'Microsoft .NET Framework 4.5.1', 'Microsoft .Net Framework 4.5.2', 'Microsoft .NET Framework 4.6', 'Microsoft .Net Framework 4.6.1', 'Microsoft .NET Framework 4.6.2', 'Microsoft .NET Framework 4.7', 'Microsoft ASP.NET Core 1.0', 'Microsoft ASP.NET Core 1.1', 'Microsoft ASP.NET Core 2.0'] |
|---|
{
"bids": {
"bid": {
"bidNumber": "102380"
}
},
"cves": {
"cve": {
"cveNumber": "CVE-2018-0786"
}
},
"description": "Microsoft .NET Framework\u548c.NET Core\u90fd\u662f\u7f8e\u56fd\u5fae\u8f6f\uff08Microsoft\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Microsoft .NET Framework\u662f\u4e00\u79cd\u5168\u9762\u4e14\u4e00\u81f4\u7684\u7f16\u7a0b\u6a21\u578b\uff0c\u4e5f\u662f\u4e00\u4e2a\u7528\u4e8e\u6784\u5efaWindows\u3001Windows Store\u3001Windows Phone\u3001Windows Server\u548cMicrosoft Azure\u7684\u5e94\u7528\u7a0b\u5e8f\u7684\u5f00\u53d1\u5e73\u53f0\u3002.NET Core\u662f\u4e00\u5957\u514d\u8d39\u7684\u5f00\u6e90\u5f00\u53d1\u5e73\u53f0\u3002\u8be5\u5e73\u53f0\u5177\u6709\u591a\u8bed\u8a00\u652f\u6301\u548c\u8de8\u5e73\u53f0\u7b49\u7279\u70b9\u3002\r\n\r\nMicrosoft .NET Framework\u548c.NET Core\u4e2d\u5b58\u5728\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u5145\u5206\u7684\u9a8c\u8bc1\u8bc1\u4e66\u3002\u653b\u51fb\u8005\u53ef\u501f\u52a9\u65e0\u6548\u7684\u8bc1\u4e66\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed5\u8fc7\u5b89\u5168\u9650\u5236\uff0c\u6267\u884c\u672a\u6388\u6743\u7684\u64cd\u4f5c\u3002",
"discovererName": "Microsoft",
"formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0786",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2018-00897",
"openTime": "2018-01-15",
"patchDescription": "Microsoft .NET Framework\u548c.NET Core\u90fd\u662f\u7f8e\u56fd\u5fae\u8f6f\uff08Microsoft\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Microsoft .NET Framework\u662f\u4e00\u79cd\u5168\u9762\u4e14\u4e00\u81f4\u7684\u7f16\u7a0b\u6a21\u578b\uff0c\u4e5f\u662f\u4e00\u4e2a\u7528\u4e8e\u6784\u5efaWindows\u3001Windows Store\u3001Windows Phone\u3001Windows Server\u548cMicrosoft Azure\u7684\u5e94\u7528\u7a0b\u5e8f\u7684\u5f00\u53d1\u5e73\u53f0\u3002.NET Core\u662f\u4e00\u5957\u514d\u8d39\u7684\u5f00\u6e90\u5f00\u53d1\u5e73\u53f0\u3002\u8be5\u5e73\u53f0\u5177\u6709\u591a\u8bed\u8a00\u652f\u6301\u548c\u8de8\u5e73\u53f0\u7b49\u7279\u70b9\u3002\r\n\r\nMicrosoft .NET Framework\u548c.NET Core\u4e2d\u5b58\u5728\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u5145\u5206\u7684\u9a8c\u8bc1\u8bc1\u4e66\u3002\u653b\u51fb\u8005\u53ef\u501f\u52a9\u65e0\u6548\u7684\u8bc1\u4e66\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed5\u8fc7\u5b89\u5168\u9650\u5236\uff0c\u6267\u884c\u672a\u6388\u6743\u7684\u64cd\u4f5c\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Microsoft .NET Framework\u548c.NET Core\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": [
"Microsoft .NET Framework 4.5",
"Microsoft .NET Framework 4",
"Microsoft .NET Framework 3.5.1",
"Microsoft .Net Framework 3.5",
"Microsoft .Net Framework 3.0",
"Microsoft .Net Framework 2.0",
"Microsoft .Net Framework 1.1",
"Microsoft .NET Framework 4.5.1",
"Microsoft .Net Framework 4.5.2",
"Microsoft .NET Framework 4.6",
"Microsoft .Net Framework 4.6.1",
"Microsoft .NET Framework 4.6.2",
"Microsoft .NET Framework 4.7",
"Microsoft ASP.NET Core 1.0",
"Microsoft ASP.NET Core 1.1",
"Microsoft ASP.NET Core 2.0"
]
},
"referenceLink": "https://www.securityfocus.com/bid/102380",
"serverity": "\u4e2d",
"submitTime": "2018-01-10",
"title": "Microsoft .NET Framework\u548c.NET Core\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e"
}
CERTFR-2018-AVI-023
Vulnerability from certfr_avis - Published: 2018-01-10 - Updated: 2018-01-10
De multiples vulnérabilités ont été corrigées dans Microsoft .Net. Elles permettent à un attaquant de provoquer une élévation de privilèges, un contournement de la fonctionnalité de sécurité, un déni de service et une injection de requêtes illégitimes par rebond (CSRF).
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | N/A | .NET Core 1.0 | ||
| Microsoft | N/A | Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7 | ||
| Microsoft | N/A | Microsoft .NET Framework 4.6.2/4.7 | ||
| Microsoft | N/A | Microsoft .NET Framework 3.0 Service Pack 2 | ||
| Microsoft | .Net | ASP.NET Core 2.0 | ||
| Microsoft | N/A | Microsoft .NET Framework 3.5 | ||
| Microsoft | N/A | Microsoft .NET Framework 4.7.1 | ||
| Microsoft | N/A | Microsoft .NET Framework 4.6.1 | ||
| Microsoft | N/A | .NET Core 2.0 | ||
| Microsoft | N/A | Microsoft .NET Framework 2.0 Service Pack 2 | ||
| Microsoft | N/A | .NET Core 1.1 | ||
| Microsoft | N/A | Microsoft .NET Framework 3.5.1 | ||
| Microsoft | N/A | Microsoft .NET Framework 4.5.2 | ||
| Microsoft | N/A | Microsoft .NET Framework 4.7 | ||
| Microsoft | N/A | Microsoft .NET Framework 4.6 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": ".NET Core 1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 4.6.2/4.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 3.0 Service Pack 2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "ASP.NET Core 2.0",
"product": {
"name": ".Net",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 3.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 4.7.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 4.6.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": ".NET Core 2.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 2.0 Service Pack 2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": ".NET Core 1.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 3.5.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 4.5.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 4.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft .NET Framework 4.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2018-0784",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0784"
},
{
"name": "CVE-2018-0764",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0764"
},
{
"name": "CVE-2018-0786",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0786"
},
{
"name": "CVE-2018-0785",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0785"
}
],
"initial_release_date": "2018-01-10T00:00:00",
"last_revision_date": "2018-01-10T00:00:00",
"links": [],
"reference": "CERTFR-2018-AVI-023",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2018-01-10T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la fonctionnalit\u00e9 de s\u00e9curit\u00e9"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMicrosoft .Net\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer une \u00e9l\u00e9vation de privil\u00e8ges, un contournement de la\nfonctionnalit\u00e9 de s\u00e9curit\u00e9, un d\u00e9ni de service et une \u003cspan\nclass=\"st\"\u003einjection de requ\u00eates ill\u00e9gitimes par rebond (*CSRF*).\u003c/span\u003e\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft .Net",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 09 janvier 2018",
"url": "https://portal.msrc.microsoft.com/fr-FR/security-guidance/advisory/"
}
]
}
GHSA-JC8G-XHW5-6X46
Vulnerability from github – Published: 2018-10-16 19:59 – Updated: 2022-07-07 21:42
VLAI?
Summary
Improper Certificate Validation in Microsoft .NET Framework components
Details
Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, .NET Core 1.0 and 2.0, and PowerShell Core 6.0.0 allow a security feature bypass vulnerability due to the way certificates are validated, aka ".NET Security Feature Bypass Vulnerability."
Severity ?
7.5 (High)
{
"affected": [
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.UniversalWindowsPlatform"
},
"ranges": [
{
"events": [
{
"introduced": "5.2.0"
},
{
"fixed": "5.2.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.UniversalWindowsPlatform"
},
"ranges": [
{
"events": [
{
"introduced": "5.3.0"
},
{
"fixed": "5.3.5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.UniversalWindowsPlatform"
},
"ranges": [
{
"events": [
{
"introduced": "5.4.0"
},
{
"fixed": "5.4.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.UniversalWindowsPlatform"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "System.ServiceModel.Primitives"
},
"ranges": [
{
"events": [
{
"introduced": "4.4.0"
},
{
"fixed": "4.4.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"4.4.0"
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "System.ServiceModel.Primitives"
},
"ranges": [
{
"events": [
{
"introduced": "4.3.0"
},
{
"fixed": "4.3.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"4.3.0"
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "System.ServiceModel.Primitives"
},
"ranges": [
{
"events": [
{
"introduced": "4.1.0"
},
{
"fixed": "4.1.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"4.1.0"
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "System.ServiceModel.Http"
},
"ranges": [
{
"events": [
{
"introduced": "4.4.0"
},
{
"fixed": "4.4.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"4.4.0"
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "System.ServiceModel.Http"
},
"ranges": [
{
"events": [
{
"introduced": "4.3.0"
},
{
"fixed": "4.3.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"4.3.0"
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "System.ServiceModel.Http"
},
"ranges": [
{
"events": [
{
"introduced": "4.1.0"
},
{
"fixed": "4.1.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"4.1.0"
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "System.ServiceModel.NetTcp"
},
"ranges": [
{
"events": [
{
"introduced": "4.4.0"
},
{
"fixed": "4.4.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"4.4.0"
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "System.ServiceModel.NetTcp"
},
"ranges": [
{
"events": [
{
"introduced": "4.3.0"
},
{
"fixed": "4.3.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"4.3.0"
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "System.ServiceModel.NetTcp"
},
"ranges": [
{
"events": [
{
"introduced": "4.1.0"
},
{
"fixed": "4.1.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"4.1.0"
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "System.ServiceModel.Duplex"
},
"ranges": [
{
"events": [
{
"introduced": "4.4.0"
},
{
"fixed": "4.4.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"4.4.0"
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "System.ServiceModel.Duplex"
},
"ranges": [
{
"events": [
{
"introduced": "4.3.0"
},
{
"fixed": "4.3.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"4.3.0"
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "System.ServiceModel.Duplex"
},
"ranges": [
{
"events": [
{
"introduced": "4.0.1"
},
{
"fixed": "4.0.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"4.0.1"
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "System.ServiceModel.Security"
},
"ranges": [
{
"events": [
{
"introduced": "4.4.0"
},
{
"fixed": "4.4.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"4.4.0"
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "System.ServiceModel.Security"
},
"ranges": [
{
"events": [
{
"introduced": "4.3.0"
},
{
"fixed": "4.3.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"4.3.0"
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "System.ServiceModel.Security"
},
"ranges": [
{
"events": [
{
"introduced": "4.0.1"
},
{
"fixed": "4.0.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"4.0.1"
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "System.Private.ServiceModel"
},
"ranges": [
{
"events": [
{
"introduced": "4.4.0"
},
{
"fixed": "4.4.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"4.4.0"
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "System.Private.ServiceModel"
},
"ranges": [
{
"events": [
{
"introduced": "4.3.0"
},
{
"fixed": "4.3.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"4.3.0"
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "System.Private.ServiceModel"
},
"ranges": [
{
"events": [
{
"introduced": "4.1.0"
},
{
"fixed": "4.1.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"4.1.0"
]
}
],
"aliases": [
"CVE-2018-0786"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": true,
"github_reviewed_at": "2020-06-16T21:43:03Z",
"nvd_published_at": "2018-01-10T01:29:00Z",
"severity": "HIGH"
},
"details": "Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, .NET Core 1.0 and 2.0, and PowerShell Core 6.0.0 allow a security feature bypass vulnerability due to the way certificates are validated, aka \".NET Security Feature Bypass Vulnerability.\"",
"id": "GHSA-jc8g-xhw5-6x46",
"modified": "2022-07-07T21:42:15Z",
"published": "2018-10-16T19:59:05Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0786"
},
{
"type": "WEB",
"url": "https://github.com/dotnet/announcements/issues/51"
},
{
"type": "WEB",
"url": "https://github.com/github/advisory-database/issues/302"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-jc8g-xhw5-6x46"
},
{
"type": "WEB",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0786"
},
{
"type": "WEB",
"url": "https://www.nuget.org/packages/System.ServiceModel.Duplex#versions-body-tab"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "Improper Certificate Validation in Microsoft .NET Framework components"
}
GSD-2018-0786
Vulnerability from gsd - Updated: 2023-12-13 01:22Details
Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, .NET Core 1.0 and 2.0, and PowerShell Core 6.0.0 allow a security feature bypass vulnerability due to the way certificates are validated, aka ".NET Security Feature Bypass Vulnerability."
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2018-0786",
"description": "Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, .NET Core 1.0 and 2.0, and PowerShell Core 6.0.0 allow a security feature bypass vulnerability due to the way certificates are validated, aka \".NET Security Feature Bypass Vulnerability.\"",
"id": "GSD-2018-0786"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2018-0786"
],
"details": "Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, .NET Core 1.0 and 2.0, and PowerShell Core 6.0.0 allow a security feature bypass vulnerability due to the way certificates are validated, aka \".NET Security Feature Bypass Vulnerability.\"",
"id": "GSD-2018-0786",
"modified": "2023-12-13T01:22:24.623057Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC": "2018-01-09T00:00:00",
"ID": "CVE-2018-0786",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": ".NET Framework, .NET Core, and PowerShell Core",
"version": {
"version_data": [
{
"version_value": "Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, .NET Core 1.0 and 2.0, PowerShell Core 6.0.0"
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, .NET Core 1.0 and 2.0, and PowerShell Core 6.0.0 allow a security feature bypass vulnerability due to the way certificates are validated, aka \".NET Security Feature Bypass Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Security Feature Bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0786",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0786"
},
{
"name": "102380",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102380"
},
{
"name": "1040152",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040152"
}
]
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "[5.2.0,5.2.4),[5.3.0,5.3.5),[5.4.0,5.4.2),[6.0.0,6.0.6),[6.0.0,6.0.6)",
"affected_versions": "All versions starting from 5.2.0 before 5.2.4, all versions starting from 5.3.0 before 5.3.5, all versions starting from 5.4.0 before 5.4.2, all versions starting from 6.0.0 before 6.0.6, all versions starting from 6.0.0 before 6.0.6",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-295",
"CWE-937"
],
"date": "2021-12-03",
"description": "Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, .NET Core 1.0 and 2.0, and PowerShell Core 6.0.0 allow a security feature bypass vulnerability due to the way certificates are validated, aka \".NET Security Feature Bypass Vulnerability.\"",
"fixed_versions": [
"5.2.4",
"5.2.4",
"5.3.5",
"5.4.2",
"6.0.6",
"6.0.6"
],
"identifier": "CVE-2018-0786",
"identifiers": [
"GHSA-jc8g-xhw5-6x46",
"CVE-2018-0786"
],
"not_impacted": "All versions before 5.2.0, all versions starting from 5.2.4 before 5.3.0, all versions starting from 5.3.5 before 5.4.0, all versions starting from 5.4.2 before 6.0.0, all versions starting from 6.0.6, all versions before 6.0.0, all versions starting from 6.0.6",
"package_slug": "nuget/Microsoft.NETCore.UniversalWindowsPlatform",
"pubdate": "2018-10-16",
"solution": "Upgrade to versions 5.2.4, 5.2.4, 5.3.5, 5.4.2, 6.0.6, 6.0.6 or above.",
"title": "Improper Certificate Validation",
"urls": [
"https://github.com/advisories/GHSA-jc8g-xhw5-6x46"
],
"uuid": "a729f11f-998b-449e-b8a2-33c59f9f0e9a"
},
{
"affected_range": "[4.1.0],[4.3.0,4.4.0]",
"affected_versions": "Version 4.1.0, all versions starting from 4.3.0 up to 4.4.0",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-295",
"CWE-937"
],
"date": "2022-07-07",
"description": "Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, .NET Core 1.0 and 2.0, and PowerShell Core 6.0.0 allow a security feature bypass vulnerability due to the way certificates are validated, aka \".NET Security Feature Bypass Vulnerability.\"",
"fixed_versions": [
"4.4.1",
"4.1.1"
],
"identifier": "CVE-2018-0786",
"identifiers": [
"GHSA-jc8g-xhw5-6x46",
"CVE-2018-0786"
],
"not_impacted": "All versions before 4.1.0, all versions after 4.1.0 before 4.3.0, all versions after 4.4.0",
"package_slug": "nuget/System.Private.ServiceModel",
"pubdate": "2018-10-16",
"solution": "Upgrade to versions 4.4.1, 4.1.1 or above.",
"title": "Improper Certificate Validation",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2018-0786",
"https://github.com/dotnet/announcements/issues/51",
"https://github.com/github/advisory-database/issues/302",
"https://github.com/advisories/GHSA-jc8g-xhw5-6x46",
"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0786"
],
"uuid": "48a2680b-62d2-43b5-a042-aa65e92c8fb5"
},
{
"affected_range": "[4.1.0],[4.3.0,4.4.0]",
"affected_versions": "Version 4.1.0, all versions starting from 4.3.0 up to 4.4.0",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-295",
"CWE-937"
],
"date": "2022-07-07",
"description": "Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, .NET Core 1.0 and 2.0, and PowerShell Core 6.0.0 allow a security feature bypass vulnerability due to the way certificates are validated, aka \".NET Security Feature Bypass Vulnerability.\"",
"fixed_versions": [
"4.4.1",
"4.1.1"
],
"identifier": "CVE-2018-0786",
"identifiers": [
"GHSA-jc8g-xhw5-6x46",
"CVE-2018-0786"
],
"not_impacted": "All versions before 4.1.0, all versions after 4.1.0 before 4.3.0, all versions after 4.4.0",
"package_slug": "nuget/System.ServiceModel.Duplex",
"pubdate": "2018-10-16",
"solution": "Upgrade to versions 4.4.1, 4.1.1 or above.",
"title": "Improper Certificate Validation",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2018-0786",
"https://github.com/dotnet/announcements/issues/51",
"https://github.com/github/advisory-database/issues/302",
"https://github.com/advisories/GHSA-jc8g-xhw5-6x46",
"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0786"
],
"uuid": "d8338e0b-464f-42c3-8188-0e9792bf6278"
},
{
"affected_range": "[4.1.0],[4.3.0,4.4.0]",
"affected_versions": "Version 4.1.0, all versions starting from 4.3.0 up to 4.4.0",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-295",
"CWE-937"
],
"date": "2022-07-07",
"description": "Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, .NET Core 1.0 and 2.0, and PowerShell Core 6.0.0 allow a security feature bypass vulnerability due to the way certificates are validated, aka \".NET Security Feature Bypass Vulnerability.\"",
"fixed_versions": [
"4.4.1",
"4.1.1"
],
"identifier": "CVE-2018-0786",
"identifiers": [
"GHSA-jc8g-xhw5-6x46",
"CVE-2018-0786"
],
"not_impacted": "All versions before 4.1.0, all versions after 4.1.0 before 4.3.0, all versions after 4.4.0",
"package_slug": "nuget/System.ServiceModel.Http",
"pubdate": "2018-10-16",
"solution": "Upgrade to versions 4.4.1, 4.1.1 or above.",
"title": "Improper Certificate Validation",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2018-0786",
"https://github.com/dotnet/announcements/issues/51",
"https://github.com/github/advisory-database/issues/302",
"https://github.com/advisories/GHSA-jc8g-xhw5-6x46",
"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0786"
],
"uuid": "e41906c8-4e68-4834-81a8-23b306dadb2a"
},
{
"affected_range": "[4.1.0],[4.3.0,4.4.0]",
"affected_versions": "Version 4.1.0, all versions starting from 4.3.0 up to 4.4.0",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-295",
"CWE-937"
],
"date": "2022-07-07",
"description": "Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, .NET Core 1.0 and 2.0, and PowerShell Core 6.0.0 allow a security feature bypass vulnerability due to the way certificates are validated, aka \".NET Security Feature Bypass Vulnerability.\"",
"fixed_versions": [
"4.4.1",
"4.1.1"
],
"identifier": "CVE-2018-0786",
"identifiers": [
"GHSA-jc8g-xhw5-6x46",
"CVE-2018-0786"
],
"not_impacted": "All versions before 4.1.0, all versions after 4.1.0 before 4.3.0, all versions after 4.4.0",
"package_slug": "nuget/System.ServiceModel.NetTcp",
"pubdate": "2018-10-16",
"solution": "Upgrade to versions 4.4.1, 4.1.1 or above.",
"title": "Improper Certificate Validation",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2018-0786",
"https://github.com/dotnet/announcements/issues/51",
"https://github.com/github/advisory-database/issues/302",
"https://github.com/advisories/GHSA-jc8g-xhw5-6x46",
"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0786"
],
"uuid": "2fbb7ab2-c2a5-4c06-882e-697ba48c670d"
},
{
"affected_range": "[4.1.0],[4.3.0,4.4.0]",
"affected_versions": "Version 4.1.0, all versions starting from 4.3.0 up to 4.4.0",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-295",
"CWE-937"
],
"date": "2022-07-07",
"description": "Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, .NET Core 1.0 and 2.0, and PowerShell Core 6.0.0 allow a security feature bypass vulnerability due to the way certificates are validated, aka \".NET Security Feature Bypass Vulnerability.\"",
"fixed_versions": [
"4.4.1",
"4.1.1"
],
"identifier": "CVE-2018-0786",
"identifiers": [
"GHSA-jc8g-xhw5-6x46",
"CVE-2018-0786"
],
"not_impacted": "All versions before 4.1.0, all versions after 4.1.0 before 4.3.0, all versions after 4.4.0",
"package_slug": "nuget/System.ServiceModel.Primitives",
"pubdate": "2018-10-16",
"solution": "Upgrade to versions 4.4.1, 4.1.1 or above.",
"title": "Improper Certificate Validation",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2018-0786",
"https://github.com/dotnet/announcements/issues/51",
"https://github.com/github/advisory-database/issues/302",
"https://github.com/advisories/GHSA-jc8g-xhw5-6x46",
"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0786"
],
"uuid": "9e5b33bb-6a2d-4325-a594-682f6612fadd"
},
{
"affected_range": "[4.1.0],[4.3.0,4.4.0]",
"affected_versions": "Version 4.1.0, all versions starting from 4.3.0 up to 4.4.0",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-295",
"CWE-937"
],
"date": "2022-07-07",
"description": "Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, .NET Core 1.0 and 2.0, and PowerShell Core 6.0.0 allow a security feature bypass vulnerability due to the way certificates are validated, aka \".NET Security Feature Bypass Vulnerability.\"",
"fixed_versions": [
"4.4.1",
"4.1.1"
],
"identifier": "CVE-2018-0786",
"identifiers": [
"GHSA-jc8g-xhw5-6x46",
"CVE-2018-0786"
],
"not_impacted": "All versions before 4.1.0, all versions after 4.1.0 before 4.3.0, all versions after 4.4.0",
"package_slug": "nuget/System.ServiceModel.Security",
"pubdate": "2018-10-16",
"solution": "Upgrade to versions 4.4.1, 4.1.1 or above.",
"title": "Improper Certificate Validation",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2018-0786",
"https://github.com/dotnet/announcements/issues/51",
"https://github.com/github/advisory-database/issues/302",
"https://github.com/advisories/GHSA-jc8g-xhw5-6x46",
"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0786"
],
"uuid": "0e7a5baa-a355-4303-811e-7456b64613dc"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsoft:.net_core:1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:.net_core:2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:powershell_core:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:3.0:sp2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:3.5.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.5.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.6.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.6.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2018-0786"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, .NET Core 1.0 and 2.0, and PowerShell Core 6.0.0 allow a security feature bypass vulnerability due to the way certificates are validated, aka \".NET Security Feature Bypass Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-295"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0786",
"refsource": "CONFIRM",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0786"
},
{
"name": "1040152",
"refsource": "SECTRACK",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040152"
},
{
"name": "102380",
"refsource": "BID",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/102380"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
},
"lastModifiedDate": "2021-08-12T17:19Z",
"publishedDate": "2018-01-10T01:29Z"
}
}
}
FKIE_CVE-2018-0786
Vulnerability from fkie_nvd - Published: 2018-01-10 01:29 - Updated: 2024-11-21 03:38
Severity ?
Summary
Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, .NET Core 1.0 and 2.0, and PowerShell Core 6.0.0 allow a security feature bypass vulnerability due to the way certificates are validated, aka ".NET Security Feature Bypass Vulnerability."
References
| URL | Tags | ||
|---|---|---|---|
| secure@microsoft.com | http://www.securityfocus.com/bid/102380 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | http://www.securitytracker.com/id/1040152 | Third Party Advisory, VDB Entry | |
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0786 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/102380 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1040152 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0786 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:.net_core:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9EDF760A-C775-457E-8091-586E56545B07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net_core:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7302633B-E263-4F85-8A38-D5C18394F292",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:powershell_core:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2D6A900C-6173-466A-B54D-683A12F53138",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "42A6DF09-B8E1-414D-97E7-453566055279",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:3.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "D400E856-2B2E-4CEA-8CA5-309FDF371CEA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E039CE1F-B988-4741-AE2E-5B36E2AF9688",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "21540673-614A-4D40-8BD7-3F07723803B0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*",
"matchCriteriaId": "232581CC-130A-4C62-A7E9-2EC9A9364D53",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*",
"matchCriteriaId": "E01A4CCA-4C43-46E0-90E6-3E4DBFBACD64",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*",
"matchCriteriaId": "AEE2E768-0F45-46E1-B6D7-087917109D98",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*",
"matchCriteriaId": "83B14968-3985-43C3-ACE5-8307196EFAE3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E93068DB-549B-45AB-8E5C-00EB5D8B5CF8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
"matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:3.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8EDC4407-7E92-4E60-82F0-0C87D1860D3A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*",
"matchCriteriaId": "C2B1C231-DE19-4B8F-A4AA-5B3A65276E46",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*",
"matchCriteriaId": "B320A104-9037-487E-BC9A-62B4A6B49FD0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:4.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "40B3A045-B08A-44E0-91BE-726753F6A362",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*",
"matchCriteriaId": "C2B1C231-DE19-4B8F-A4AA-5B3A65276E46",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E93068DB-549B-45AB-8E5C-00EB5D8B5CF8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C6CE5198-C498-4672-AF4C-77AB4BE06C5C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "280FE663-23BE-45D2-9B31-5F577E390B48",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "21540673-614A-4D40-8BD7-3F07723803B0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:4.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FF0B660D-1F30-4D45-B98B-726EDB8CB90F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*",
"matchCriteriaId": "232581CC-130A-4C62-A7E9-2EC9A9364D53",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A16AD2B0-2189-4E8E-B7FC-CE598CA1CB2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "734112B3-1383-4BE3-8721-C0F84566B764",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*",
"matchCriteriaId": "E01A4CCA-4C43-46E0-90E6-3E4DBFBACD64",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
"matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "280FE663-23BE-45D2-9B31-5F577E390B48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:4.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FF0B660D-1F30-4D45-B98B-726EDB8CB90F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A16AD2B0-2189-4E8E-B7FC-CE598CA1CB2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "734112B3-1383-4BE3-8721-C0F84566B764",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*",
"matchCriteriaId": "C2B1C231-DE19-4B8F-A4AA-5B3A65276E46",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E93068DB-549B-45AB-8E5C-00EB5D8B5CF8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C6CE5198-C498-4672-AF4C-77AB4BE06C5C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "734112B3-1383-4BE3-8721-C0F84566B764",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*",
"matchCriteriaId": "AEE2E768-0F45-46E1-B6D7-087917109D98",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "36B0E40A-84EF-4099-A395-75D6B8CDA196",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*",
"matchCriteriaId": "83B14968-3985-43C3-ACE5-8307196EFAE3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, .NET Core 1.0 and 2.0, and PowerShell Core 6.0.0 allow a security feature bypass vulnerability due to the way certificates are validated, aka \".NET Security Feature Bypass Vulnerability.\""
},
{
"lang": "es",
"value": "Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1; .NET Core 1.0 y 2.0; y PowerShell Core 6.0.0 permiten una vulnerabilidad de omisi\u00f3n de la caracter\u00edstica de seguridad debido a la forma en la que se validan los certificados. Esto tambi\u00e9n se conoce como \".NET Security Feature Bypass Vulnerability\"."
}
],
"id": "CVE-2018-0786",
"lastModified": "2024-11-21T03:38:56.790",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-01-10T01:29:00.320",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/102380"
},
{
"source": "secure@microsoft.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040152"
},
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0786"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/102380"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040152"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0786"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-295"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…