#VU653 Privilege Escalation in ASP.NET Core MVC 

 


Published: September 23, 2016 / Updated: September 28, 2016


Vulnerability identifier: #VU653
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:C/VI:C/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: N/A
CWE-ID: CWE-264
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
ASP.NET Core MVC
Software vendor:
Microsoft

Description

The vulnerability allows a remote authenticated user to obtain elevated privileges.

The vulnerability exists due to a design error in the View Component implementation in the public versions of ASP.NET Core MVC 1.0.0. A malicious authenticated user can gain access to potentially sensitive information on the system and obtain elevated privileges.

Successful exploitation of this vulnerability allows an attacker to obtain elevated privileges on the vulnerable system.

The following packages are vulnerable:

  • Microsoft.AspNetCore.Mvc
  • Microsoft.AspNetCore.Mvc.Abstractions
  • Microsoft.AspNetCore.Mvc.ApiExplorer
  • Microsoft.AspNetCore.Mvc.Core
  • Microsoft.AspNetCore.Mvc.Cors
  • Microsoft.AspNetCore.Mvc.DataAnnotations
  • Microsoft.AspNetCore.Mvc.Formatters.Json
  • Microsoft.AspNetCore.Mvc.Formatters.Xml
  • Microsoft.AspNetCore.Mvc.Localization
  • Microsoft.AspNetCore.Mvc.Razor
  • Microsoft.AspNetCore.Mvc.Razor.Host
  • Microsoft.AspNetCore.Mvc.TagHelpers
  • Microsoft.AspNetCore.Mvc.ViewFeatures
  • Microsoft.AspNetCore.Mvc.WebApiCompatShim

Remediation

Update ASP.NET Core MVC to 1.0.1.

"Microsoft .NET Core 1.0.1 – VS 2015 Tooling Preview 2" updates the ASP.NET Core project templates to use the fixed packages.

To download this preview, see the "Tools" section of the .NET Downloads page.
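Because the fix is a package update rather than a configuration change, the practical check is whether any project still references one of the packages listed above at a version below 1.0.1. The script below is an added example, not part of this advisory or of Microsoft's tooling: it reads the dependency section of a 2016-era `project.json` or the `PackageReference` items of a `.csproj`, compares each version against 1.0.1 using NuGet's rule that a pre-release (for example `1.0.0-rc2-final`) sorts below the corresponding release, and reports the offending references. The package names and the fixed version come from the advisory; the two sample project files are constructed for illustration, and version ranges or floating versions such as `[1.0.0, 1.1.0)` or `1.0.0-*` are conservatively judged by their lower bound.

```python
"""Flag references to ASP.NET Core MVC packages older than the 1.0.1 fix.

Added example for the advisory above; not part of the advisory or of any
Microsoft tooling. Package names and the fixed version are taken from the
advisory; the sample project files below are constructed.
"""
import json
import re
import xml.etree.ElementTree as ET

# Packages listed as vulnerable in the advisory.
VULNERABLE_PACKAGES = {
    "Microsoft.AspNetCore.Mvc",
    "Microsoft.AspNetCore.Mvc.Abstractions",
    "Microsoft.AspNetCore.Mvc.ApiExplorer",
    "Microsoft.AspNetCore.Mvc.Core",
    "Microsoft.AspNetCore.Mvc.Cors",
    "Microsoft.AspNetCore.Mvc.DataAnnotations",
    "Microsoft.AspNetCore.Mvc.Formatters.Json",
    "Microsoft.AspNetCore.Mvc.Formatters.Xml",
    "Microsoft.AspNetCore.Mvc.Localization",
    "Microsoft.AspNetCore.Mvc.Razor",
    "Microsoft.AspNetCore.Mvc.Razor.Host",
    "Microsoft.AspNetCore.Mvc.TagHelpers",
    "Microsoft.AspNetCore.Mvc.ViewFeatures",
    "Microsoft.AspNetCore.Mvc.WebApiCompatShim",
}
FIXED_VERSION = "1.0.1"  # from the Remediation section


def parse_version(spec):
    """Turn a NuGet version (or the lower bound of a range) into a sortable key.

    '1.0.0-rc2-final' -> ((1, 0, 0), 0, 'rc2-final'); '1.0.1' -> ((1, 0, 1), 1, '').
    The middle element makes a pre-release sort below the same numeric release.
    Ranges such as '[1.0.0, 1.1.0)' and floating versions such as '1.0.0-*' are
    reduced to their lower bound, which is the conservative choice for a scanner.
    """
    lower = spec.strip().lstrip("[(").split(",")[0].strip()
    m = re.match(r"^(\d+(?:\.\d+)*)(?:-([0-9A-Za-z.-]+))?", lower)
    if not m:
        raise ValueError(f"unrecognised version: {spec!r}")
    nums = tuple(int(x) for x in m.group(1).split("."))
    nums = nums + (0,) * (3 - len(nums))  # pad '1.0' to (1, 0, 0)
    pre = m.group(2)
    return (nums, 0 if pre else 1, pre or "")


def is_vulnerable(package, version):
    """True when the package is in the advisory list and older than 1.0.1."""
    return package in VULNERABLE_PACKAGES and parse_version(version) < parse_version(FIXED_VERSION)


def deps_from_project_json(text):
    """Collect top-level and per-framework dependencies from project.json."""
    data = json.loads(text)
    raw = dict(data.get("dependencies", {}))
    for framework in data.get("frameworks", {}).values():
        raw.update(framework.get("dependencies", {}))
    # A dependency value is either a version string or an object with a 'version' key.
    return {name: (spec["version"] if isinstance(spec, dict) else spec) for name, spec in raw.items()}


def deps_from_csproj(text):
    """Collect PackageReference items (attribute or child-element Version) from a .csproj."""
    deps = {}
    for el in ET.fromstring(text).iter():
        if el.tag.endswith("PackageReference") and "Include" in el.attrib:
            version = el.attrib.get("Version")
            if version is None:
                child = el.find("Version")
                version = child.text if child is not None else None
            if version:
                deps[el.attrib["Include"]] = version
    return deps


def find_vulnerable(deps):
    """Return sorted (package, version) pairs that still need the 1.0.1 update."""
    return sorted((p, v) for p, v in deps.items() if is_vulnerable(p, v))


# Constructed sample files; the package set mirrors a typical MVC 1.0.0 project.
SAMPLE_PROJECT_JSON = """{
  "dependencies": {
    "Microsoft.AspNetCore.Mvc": "1.0.0",
    "Microsoft.AspNetCore.Mvc.TagHelpers": "1.0.0-rc2-final",
    "Microsoft.AspNetCore.Server.Kestrel": "1.0.0",
    "Microsoft.AspNetCore.Razor.Tools": { "version": "1.0.0-preview2-final", "type": "build" }
  },
  "frameworks": {
    "netcoreapp1.0": { "dependencies": { "Microsoft.AspNetCore.Mvc.Razor": "1.0.1" } }
  }
}"""

SAMPLE_CSPROJ = """<Project Sdk="Microsoft.NET.Sdk.Web">
  <ItemGroup>
    <PackageReference Include="Microsoft.AspNetCore.Mvc.Core" Version="1.0.0" />
    <PackageReference Include="Microsoft.AspNetCore.Mvc.ViewFeatures">
      <Version>1.0.1</Version>
    </PackageReference>
    <PackageReference Include="Newtonsoft.Json" Version="9.0.1" />
  </ItemGroup>
</Project>"""

if __name__ == "__main__":
    for label, deps in (("project.json", deps_from_project_json(SAMPLE_PROJECT_JSON)),
                        (".csproj", deps_from_csproj(SAMPLE_CSPROJ))):
        for package, version in find_vulnerable(deps):
            print(f"{label}: {package} {version} -> update to {FIXED_VERSION}")
```

Run it against the real `project.json` or `.csproj` files of each deployed application rather than against the templates: a project created before the tooling update keeps its pinned 1.0.0 references until someone edits them, and a `1.0.0-*` floating version only ever resolves to pre-release builds of 1.0.0, so it never picks up the fix on its own.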


External links