Vulnerability identifier: #VU653

Vulnerability risk: Medium

CVSSv3.1: 4.4 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:C/I:C/A:L/E:U/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-264

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
ASP.NET Core MVC
Universal components / Libraries / Software for developers

Vendor: Microsoft

Description

The vulnerability allows a remote authenticated user to obtain elevated privileges.

The vulnerability exists due to design error in View Component implementation within public versions of ASP.NET Core MVC 1.0.0. A malicious user can gain access to potentially sensitive information on the system and obtain elevated privileges on the system.

Successful exploitation of this vulnerability will allow an attacker to obtain elevated privileges on vulnerable system.

The following packages are vulnerable:

• Microsoft.AspNetCore.Mvc
• Microsoft.AspNetCore.Mvc.Abstractions
• Microsoft.AspNetCore.Mvc.ApiExplorer
• Microsoft.AspNetCore.Mvc.Core
• Microsoft.AspNetCore.Mvc.Cors
• Microsoft.AspNetCore.Mvc.DataAnnotations
• Microsoft.AspNetCore.Mvc.Formatters.Json
• Microsoft.AspNetCore.Mvc.Formatters.Xml
• Microsoft.AspNetCore.Mvc.Localization
• Microsoft.AspNetCore.Mvc.Razor
• Microsoft.AspNetCore.Mvc.Razor.Host
• Microsoft.AspNetCore.Mvc.TagHelpers
• Microsoft.AspNetCore.Mvc.ViewFeatures
• Microsoft.AspNetCore.Mvc.WebApiCompatShim

Mitigation

Update ASP.NET Core MVC to 1.0.1.

Microsoft .NET Core 1.0.1 – VS 2015 Tooling Preview 2" updates the ASP.NET Core templates to use the fixed packages.

To download this preview, see the "Tools" section of the .NET Downloads page.

Vulnerable software versions

ASP.NET Core MVC: 1.0.0

---

External links
http://technet.microsoft.com/en-us/library/security/3181759.aspx

---

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.