Vulnerability Details : CVE-2018-8171
A Security Feature Bypass vulnerability exists in ASP.NET when the number of incorrect login attempts is not validated, aka "ASP.NET Security Feature Bypass Vulnerability." This affects ASP.NET, ASP.NET Core 1.1, ASP.NET Core 1.0, ASP.NET Core 2.0, ASP.NET MVC 5.2.
Vulnerability category: Bypass, Gain privilege
Products affected by CVE-2018-8171
- cpe:2.3:a:microsoft:asp.net_model_view_controller:5.2:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:asp.net_core:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:asp.net_core:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:asp.net_core:1.1:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:asp.net_webpages:3.2.3:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-8171
- EPSS score: 0.42% (probability of exploitation activity in the next 30 days)
- Percentile: ~74% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2018-8171
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N | 10.0 | 2.9 | NIST | |
7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 3.9 | 3.6 | NIST | |
CWE ids for CVE-2018-8171
- When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct. Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-8171
- http://www.securityfocus.com/bid/104659
  Microsoft ASP.NET Core CVE-2018-8171 Security Bypass Vulnerability (Third Party Advisory; VDB Entry)
- http://www.securitytracker.com/id/1041267
  ASP.NET Lets Remote Users Bypass Authentication Failure Restrictions on the Target System - SecurityTracker (Third Party Advisory; VDB Entry)
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8171
  CVE-2018-8171 | ASP.NET Security Feature Bypass Vulnerability (Vendor Advisory; Patch)