Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2018-8356

A security feature bypass vulnerability exists when Microsoft .NET Framework components do not correctly validate certificates, aka ".NET Framework Security Feature Bypass Vulnerability." This affects .NET Framework 4.7.2, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, ASP.NET Core 1.1, Microsoft .NET Framework 4.5.2, ASP.NET Core 2.0, ASP.NET Core 1.0, .NET Core 1.1, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, .NET Core 1.0, .NET Core 2.0, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.2.

Published

2018-07-11T00:29:02.587

Last Modified

2024-11-21T04:13:40.677

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 5.5 (MEDIUM)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:N/I:P/A:N

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

Exploitability Score

3.9

Impact Score

2.9

Weaknesses

Type: Primary
CWE-295

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	microsoft	.net_framework	3.0	Yes
Operating System	microsoft	windows_server_2008	-	No
Application	microsoft	.net_framework	3.5	Yes
Operating System	microsoft	windows_10	-	No
Operating System	microsoft	windows_10	1607	No
Operating System	microsoft	windows_10	1703	No
Operating System	microsoft	windows_10	1709	No
Operating System	microsoft	windows_10	1803	No
Operating System	microsoft	windows_8.1	*	No
Operating System	microsoft	windows_server	1803	No
Operating System	microsoft	windows_server_2012	*	No
Operating System	microsoft	windows_server_2012	r2	No
Operating System	microsoft	windows_server_2016	*	No
Application	microsoft	.net_framework	3.5.1	Yes
Operating System	microsoft	windows_7	-	No
Operating System	microsoft	windows_server_2008	r2	No
Application	microsoft	.net_framework	4.5.2	Yes
Operating System	microsoft	windows_7	-	No
Operating System	microsoft	windows_8.1	*	No
Operating System	microsoft	windows_rt_8.1	-	No
Operating System	microsoft	windows_server_2008	*	No
Operating System	microsoft	windows_server_2008	r2	No
Operating System	microsoft	windows_server_2012	*	No
Operating System	microsoft	windows_server_2012	r2	No
Application	microsoft	.net_framework	4.6	Yes
Operating System	microsoft	windows_server_2008	*	No
Application	microsoft	.net_framework	4.6.2	Yes
Application	microsoft	.net_framework	4.7	Yes
Application	microsoft	.net_framework	4.7.1	Yes
Application	microsoft	.net_framework	4.7.2	Yes
Operating System	microsoft	windows_10	1607	No
Operating System	microsoft	windows_server_2016	-	No
Application	microsoft	.net_framework	4.6	Yes
Application	microsoft	.net_framework	4.6.1	Yes
Application	microsoft	.net_framework	4.6.2	Yes
Operating System	microsoft	windows_10	-	No
Application	microsoft	.net_framework	4.6	Yes
Application	microsoft	.net_framework	4.6.1	Yes
Application	microsoft	.net_framework	4.6.2	Yes
Application	microsoft	.net_framework	4.7	Yes
Application	microsoft	.net_framework	4.7.1	Yes
Application	microsoft	.net_framework	4.7.2	Yes
Operating System	microsoft	windows_7	-	No
Operating System	microsoft	windows_8.1	*	No
Operating System	microsoft	windows_rt_8.1	-	No
Operating System	microsoft	windows_server_2008	r2	No
Operating System	microsoft	windows_server_2012	*	No
Operating System	microsoft	windows_server_2012	r2	No
Application	microsoft	.net_framework	4.7.2	Yes
Operating System	microsoft	windows_10	1803	No
Operating System	microsoft	windows_server	1803	No
Application	microsoft	powershell_core	6.0	Yes
Application	microsoft	powershell_core	6.1	Yes
Application	microsoft	.net_core	1.0	Yes
Application	microsoft	.net_core	1.1	Yes
Application	microsoft	.net_core	2.0	Yes
Application	microsoft	.net_framework_developer_pack	4.7.2	Yes
Application	microsoft	asp.net_core	1.0	Yes
Application	microsoft	asp.net_core	1.1	Yes
Application	microsoft	asp.net_core	2.0	Yes

References

http://www.securityfocus.com/bid/104664 Third Party Advisory, VDB Entry ([email protected])
http://www.securitytracker.com/id/1041257 Third Party Advisory, VDB Entry ([email protected])
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8356 Patch, Vendor Advisory ([email protected])
http://www.securityfocus.com/bid/104664 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1041257 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8356 Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)