Multiple vulnerabilities in Microsoft ASP.NET Core

Published: 2018-01-09 21:31:59
Severity Low
Patch available YES
Number of vulnerabilities 5
CVE ID CVE-2018-0784
CVE-2018-0785
CVE-2018-0789
CVE-2018-0786
CVE-2018-0764
CVSSv3 7.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
7.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
4.7 [CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
6.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
4.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CWE ID CWE-20
CWE-352
CWE-79
CWE-611
Exploitation vector Network
Public exploit Not available
Vulnerable software ASP.NET Core MVC
Microsoft SharePoint Server
Vulnerable software versions ASP.NET Core MVC 2.0
ASP.NET Core MVC 1.0.0
ASP.NET Core MVC 1.1.0
Microsoft SharePoint Server 2016
Microsoft SharePoint Server 2013
Microsoft SharePoint Server 2010
Vendor URL Microsoft

Security Advisory

1) Privilege escalation

Description

The vulnerability allows a remote attacker to gain elevated privileges on the target system.

The weakness exists due to an error when a ASP.NET Core web application, created using vulnerable project templates, improperly sanitize web requests. A remote attacker can trick the victim into clicking a specially crafted link, perform content injection attacks and run script in the security context of the logged-on user.

Remediation

Install update from vendor's website.

External links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0784

2) Cross-site request forgery

Description

The vulnerability allows a remote attacker to perform CSRF attack.

The weakness exists due to an error when a ASP.NET Core web application is created using vulnerable project templates. A remote attacker can create a specially crafted HTML page or URL, trick the victim into visiting it, gain access to the system and change the recovery codes associated with the victim's user account without his/her consent.

Remediation

Install update from vendor's website.

External links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0785

3) Cross-site scripting

Description

Vulnerability allows a remote authenticated attacker to perform XSS attacks.

The vulnerability is caused by an input validation error of a specially crafted web request to an affected SharePoint server. A remote attacker can trick the victim to follow a specially specially crafted link and execute arbitrary HTML and script code in victim's browser in security context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Remediation

Install update from vendor's website.

External links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0789

4) Security restrictions bypass

Description

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists due to improper validation of certificates by Microsoft .NET Framework (and .NET Core) components. A remote attacker can supply an invalid certificate and disregard the Enhanced Key Usage taggings.

Remediation

Install update from vendor's website.

External links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0786

5) Improper Restriction of XML External Entity Reference

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to improper processing of XML documents by .NET, and .NET core. A remote attacker can issue specially crafted requests to a .NET(or .NET core) application and cause the application to crash.

Remediation

Install update from vendor's website.

External links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0764

Back to List