CVE-2018-1039

CWE-287 — Improper Authentication6 documents6 sources

Severity

7.8HIGH

EPSS

0.5%

top 32.38%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Microsoft .net Framework Microsoft .net Framework

Timeline

PublishedMay 9

Latest updateMay 13

Description

A security feature bypass vulnerability exists in .Net Framework which could allow an attacker to bypass Device Guard, aka ".NET Framework Device Guard Security Feature Bypass Vulnerability." This affects Microsoft .NET Framework 4.7.1, Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft .NET Framework 4.7/4.7.1, Microsoft .NET Framework 3.0, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6.2/4.7/4.7.1, Microsoft .NET Framework 4.6/4.…

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶NVDmicrosoft/.net_framework10 versions+9

▶CVEListV5microsoft/microsoft_.net_framework68 versions+67

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-hpwc-q62m-hq9q: A security feature bypass vulnerability exists in↗2022-05-13

▶

CVEList

CVE-2018-1039: A security feature bypass vulnerability exists in↗2018-05-09

▶

📋Vendor Advisories

Microsoft

.NET Framework Device Guard Security Feature Bypass Vulnerability↗2018-05-08

▶

Red Hat

dotnet: Device Guard security bypass can allow for privilege escalation↗2018-05-08

▶

💬Community

Bugzilla

CVE-2018-1039 dotnet: Device Guard security bypass can allow for privilege escalation↗2018-05-10

▶