CVE-2018-8356

CWE-295 — Improper Certificate Validation7 documents7 sources

Severity

5.5MEDIUM

EPSS

0.2%

top 54.55%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft .net Core Microsoft .net Framework Microsoft Asp.net Core +3 more

Timeline

PublishedJul 11

Latest updateMay 14

Description

A security feature bypass vulnerability exists when Microsoft .NET Framework components do not correctly validate certificates, aka ".NET Framework Security Feature Bypass Vulnerability." This affects .NET Framework 4.7.2, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, ASP.NET Core 1.1, Microsoft .NET Framework 4.5.2, ASP.NET Core 2.0, ASP.NET Core 1.0, .NET Core 1.1, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4…

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages15 packages

▶CVEListV5microsoft/.net_framework4.7.2 Developer Pack

▶NVDmicrosoft/.net_framework10 versions+9

▶CVEListV5microsoft/microsoft_.net_framework63 versions+62

▶NVDmicrosoft/.net_framework_developer_pack4.7.2

▶CVEListV5microsoft/.net_core1.0, 1.1, 2.0+2

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

OSV

Improper Certificate Validation in Microsoft .NET Framework components↗2022-05-14

▶

GHSA

Improper Certificate Validation in Microsoft .NET Framework components↗2022-05-14

▶

CVEList

CVE-2018-8356: A security feature bypass vulnerability exists when Microsoft↗2018-07-11

▶

📋Vendor Advisories

Microsoft

.NET Framework Security Feature Bypass Vulnerability↗2018-07-10

▶

Red Hat

Core: incorrect certificates validation↗2018-07-10

▶

💬Community

Bugzilla

CVE-2018-8356 .NET Core: incorrect certificates validation↗2018-07-12

▶