CVE-2018-8202 : An elevation of privilege vulnerability exists in .NET Framework which could all

An elevation of privilege vulnerability exists in .NET Framework which could allow an attacker to elevate their privilege level, aka ".NET Framework Elevation of Privilege Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.2.

Published 2018-07-11 00:29:00

Updated 2022-05-23 17:29:16

Source Microsoft Corporation

View at NVD, CVE.org

Vulnerability category: Gain privilege

Products affected by CVE-2018-8202

Microsoft » .net Framework » Version: 2.0 Update SP2
cpe:2.3:a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:*
Matching versions
When used together with: Microsoft » Windows Server 2008 » Version: N/A Update SP2
Microsoft » .net Framework » Version: 3.5
cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*
Matching versions
When used together with: Microsoft » Windows 10 » Version: N/A
When used together with: Microsoft » Windows 10 » Version: 1607
When used together with: Microsoft » Windows 10 » Version: 1703
When used together with: Microsoft » Windows 10 » Version: 1709
When used together with: Microsoft » Windows 10 » Version: 1803
When used together with: Microsoft » Windows 8.1
When used together with: Microsoft » Windows Server 2012
When used together with: Microsoft » Windows Server 2012 » Version: R2
When used together with: Microsoft » Windows Server 2016
Microsoft » .net Framework » Version: 3.5.1
cpe:2.3:a:microsoft:.net_framework:3.5.1:*:*:*:*:*:*:*
Matching versions
When used together with: Microsoft » Windows 7 » Version: N/A Update SP1
When used together with: Microsoft » Windows Server 2008 » Version: R2 Update SP1
Microsoft » .net Framework » Version: 3.0 Update SP2
cpe:2.3:a:microsoft:.net_framework:3.0:sp2:*:*:*:*:*:*
Matching versions
When used together with: Microsoft » Windows Server 2008 » Version: N/A Update SP2
Microsoft » .net Framework » Version: 4.5.2
cpe:2.3:a:microsoft:.net_framework:4.5.2:*:*:*:*:*:*:*
Matching versions
When used together with: Microsoft » Windows 7 » Version: N/A Update SP1
When used together with: Microsoft » Windows 8.1
When used together with: Microsoft » Windows Rt 8.1 » Version: N/A
When used together with: Microsoft » Windows Server 2008 » Update SP2
When used together with: Microsoft » Windows Server 2008 » Version: R2 Update SP1
When used together with: Microsoft » Windows Server 2012
When used together with: Microsoft » Windows Server 2012 » Version: R2
Microsoft » .net Framework » Version: 4.6
cpe:2.3:a:microsoft:.net_framework:4.6:*:*:*:*:*:*:*
Matching versions
When used together with: Microsoft » Windows Server 2008 » Update SP2
Microsoft » .net Framework » Version: 4.6.1
cpe:2.3:a:microsoft:.net_framework:4.6.1:*:*:*:*:*:*:*
Matching versions
When used together with: Microsoft » Windows 10 » Version: N/A
Microsoft » .net Framework » Version: 4.6.2
cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*
Matching versions
When used together with: Microsoft » Windows 10 » Version: 1607
When used together with: Microsoft » Windows Server 2016 » Version: N/A
Microsoft » .net Framework » Version: 4.7
cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*
Matching versions
When used together with: Microsoft » Windows 10 » Version: 1607
When used together with: Microsoft » Windows Server 2016 » Version: N/A
Microsoft » .net Framework » Version: 4.7.1
cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*
Matching versions
When used together with: Microsoft » Windows 10 » Version: 1607
When used together with: Microsoft » Windows Server 2016 » Version: N/A
Microsoft » .net Framework » Version: 4.7.2
cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*
Matching versions
When used together with: Microsoft » Windows 10 » Version: 1607
When used together with: Microsoft » Windows Server 2016 » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2018-8202

EPSS FAQ

1.28%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 78 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2018-8202

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.2	HIGH	AV:L/AC:L/Au:N/C:C/I:C/A:C	3.9	10.0	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete
7.8	HIGH	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	1.8	5.9	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

References for CVE-2018-8202

http://www.securityfocus.com/bid/104665

Microsoft .NET Framework CVE-2018-8202 Local Privilege Escalation Vulnerability
Third Party Advisory;VDB Entry
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8202

CVE-2018-8202 | .NET Framework Elevation of Privilege Vulnerability
Patch;Vendor Advisory
http://www.securitytracker.com/id/1041257

Microsoft .NET Multiple Flaws Let Remote Users Execute Arbitrary Code and Local Users Bypass Security and Gain Elevated Privileges - SecurityTracker
Third Party Advisory;VDB Entry

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2018-8202

Products affected by CVE-2018-8202

Exploit prediction scoring system (EPSS) score for CVE-2018-8202

CVSS scores for CVE-2018-8202

References for CVE-2018-8202