CVE-2018-0786

CWE-295 — Improper Certificate Validation7 documents7 sources

Severity

7.5HIGH

EPSS

2.0%

top 16.22%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

3

Microsoft .net Core Microsoft .net Framework Microsoft Powershell Core

Timeline

PublishedJan 10

Latest updateOct 16

Description

Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, .NET Core 1.0 and 2.0, and PowerShell Core 6.0.0 allow a security feature bypass vulnerability due to the way certificates are validated, aka ".NET Security Feature Bypass Vulnerability."

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages10 packages

▶NVDmicrosoft/powershell_core6.0

▶NuGetMicrosoft.NETCore.UniversalWindowsPlatform5.2.0 — 5.2.4+3

▶NVDmicrosoft/.net_core1.0, 2.0+1

▶NuGetSystem.ServiceModel.Security4.4.0 — 4.4.1+2

▶NVDmicrosoft/.net_framework10 versions+9

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

3

GHSA

Improper Certificate Validation in Microsoft .NET Framework components↗2018-10-16

▶

OSV

Improper Certificate Validation in Microsoft .NET Framework components↗2018-10-16

▶

CVEList

CVE-2018-0786: Microsoft↗2018-01-10

▶

📋Vendor Advisories

2

Microsoft

.NET Security Feature Bypass Vulnerability↗2018-01-09

▶

Red Hat

ASP.NET: Incorrect certificate validation can allow attackers to bypass security checks↗2018-01-08

▶

💬Community

1

Bugzilla

CVE-2018-0786 ASP.NET: Incorrect certificate validation can allow attackers to bypass security checks↗2018-01-12

▶