CVE-2018-8529
published 2018-11-15CVE-2018-8529: A remote code execution vulnerability exists when Team Foundation Server (TFS) does not enable basic authorization on the communication between the TFS and…
PriorityP263critical9.8CVSS 3.0
AVNACLPRNUINSUCHIHAH
EPSS
13.46%
96.0th percentile
A remote code execution vulnerability exists when Team Foundation Server (TFS) does not enable basic authorization on the communication between the TFS and Search services, aka "Team Foundation Server Remote Code Execution Vulnerability." This affects Team.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | team | — | — |
| microsoft | team | — | — |
| microsoft | team_foundation_server | — | — |
| microsoft | team_foundation_server | — | — |
| msrc | team_foundation_server_2018_update_1.1 | — | — |
| msrc | team_foundation_server_2018_update_3 | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →The vulnerability arises from missing basic authorization on the communication channel between the TFS service and the Search service. Detection should focus on unauthenticated/unauthorized requests sent directly to the TFS Search service endpoint. ↗
- →Monitor for unexpected or unauthorized command execution originating from the TFS Search service process, which could indicate exploitation of the missing authorization control. ↗
- ·The vulnerability is present in TFS 2018.1.1 and TFS 2018.3 patch levels; patched versions are referenced by Microsoft. Ensure basic authorization is enabled on the TFS-to-Search service communication channel after applying the relevant patch. ↗
CVSS provenance
nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
vendor_msrc9.8HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Microsoft
Team Foundation Server Remote Code Execution Vulnerability
vendor_msrc·2018-11-13·CVSS 9.8
CVE-2018-8529 [CRITICAL] Team Foundation Server Remote Code Execution Vulnerability
Team Foundation Server Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists when Team Foundation Server (TFS) does not enable basic authorization on the communication between the TFS and Search services. Without basic authorization, an attacker could run certain commands on the Search service.
The security update addresses the vulnerability by ensuring that Team Foundation Server enables basic authorization.
Visual Studio: Visual Studio
Microsoft: Microsoft
Customer Action Required: Yes
Impact: Remote Code Execution
Exploit Status: Publicly Disclosed:No;Exploited:No;DOS:N/A
Remediation: Release Notes
Reference: https://aka.ms/tfs2018.1.1patch
Reference: https://aka.ms/tfs2018.3patch
GHSA
GHSA-g635-3cv2-g7jq: A remote code execution vulnerability exists when Team Foundation Server (TFS) does not enable basic authorization on the communication between the TF
ghsa_unreviewed·2022-05-13
CVE-2018-8529 [CRITICAL] GHSA-g635-3cv2-g7jq: A remote code execution vulnerability exists when Team Foundation Server (TFS) does not enable basic authorization on the communication between the TF
A remote code execution vulnerability exists when Team Foundation Server (TFS) does not enable basic authorization on the communication between the TFS and Search services, aka "Team Foundation Server Remote Code Execution Vulnerability." This affects Team.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2018-11-15
Published