CVE-2018-8529
published 2018-11-15

Priority: P263 · critical · 9.8 (CVSS 3.0)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 13.46% (96.0th percentile)

A remote code execution vulnerability exists when Team Foundation Server (TFS) does not enable basic authorization on the communication between the TFS and Search services, aka "Team Foundation Server Remote Code Execution Vulnerability." This affects Team.

Affected

6 ranges

Vendor | Product | Version range | Fixed in
microsoft | team | |
microsoft | team | |
microsoft | team_foundation_server | |
microsoft | team_foundation_server | |
msrc | team_foundation_server_2018_update_1.1 | |
msrc | team_foundation_server_2018_update_3 | |

Detection & IOCs (extracted from sources)

  • The vulnerability arises from missing basic authorization on the communication channel between the TFS service and the Search service. Detection should focus on unauthenticated/unauthorized requests sent directly to the TFS Search service endpoint.
  • Monitor for unexpected or unauthorized command execution originating from the TFS Search service process, which could indicate exploitation of the missing authorization control.
  • The vulnerability is present in TFS 2018.1.1 and TFS 2018.3 patch levels; patched versions are referenced by Microsoft. Ensure basic authorization is enabled on the TFS-to-Search service communication channel after applying the relevant patch.

CVSS provenance

Source | Version | Score | Severity | Vector
nvd | v3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P
vendor_msrc | | 9.8 | HIGH |