Vulnerability Details : CVE-2018-8356
A security feature bypass vulnerability exists when Microsoft .NET Framework components do not correctly validate certificates, aka ".NET Framework Security Feature Bypass Vulnerability." This affects .NET Framework 4.7.2, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, ASP.NET Core 1.1, Microsoft .NET Framework 4.5.2, ASP.NET Core 2.0, ASP.NET Core 1.0, .NET Core 1.1, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, .NET Core 1.0, .NET Core 2.0, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.2.
Products affected by CVE-2018-8356
- cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*When used together with: Microsoft » Windows 8.1When used together with: Microsoft » Windows Server 2012When used together with: Microsoft » Windows Server 2016
- cpe:2.3:a:microsoft:.net_framework:3.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:.net_framework:3.0:sp2:*:*:*:*:*:*
- cpe:2.3:a:microsoft:.net_framework:4.5.2:*:*:*:*:*:*:*When used together with: Microsoft » Windows 8.1When used together with: Microsoft » Windows Server 2012
- cpe:2.3:a:microsoft:.net_framework:4.6:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:.net_framework:4.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:asp.net_core:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:asp.net_core:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:asp.net_core:1.1:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:.net_core:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:.net_core:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:.net_core:1.1:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:powershell_core:6.0:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:powershell_core:6.1:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:.net_framework_developer_pack:4.7.2:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-8356
0.21%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 59 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-8356
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
2.1
|
LOW | AV:L/AC:L/Au:N/C:N/I:P/A:N |
3.9
|
2.9
|
NIST | |
5.5
|
MEDIUM | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N |
1.8
|
3.6
|
NIST |
CWE ids for CVE-2018-8356
-
The product does not validate, or incorrectly validates, a certificate.Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-8356
-
http://www.securityfocus.com/bid/104664
Malformed RequestThird Party Advisory;VDB Entry
-
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8356
CVE-2018-8356 | .NET Framework Security Feature Bypass VulnerabilityPatch;Vendor Advisory
-
http://www.securitytracker.com/id/1041257
Microsoft .NET Multiple Flaws Let Remote Users Execute Arbitrary Code and Local Users Bypass Security and Gain Elevated Privileges - SecurityTrackerThird Party Advisory;VDB Entry
Jump to