CVE-2021-43877 — Improper Input Validation in Microsoft Asp.net Core 3.1

CWE-20 — Improper Input Validation4 documents4 sources

Severity

7.8HIGHNVD

CNA8.8

EPSS

0.7%

top 28.36%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

11

Microsoft Asp.net Core 3.1 Microsoft Asp.net Core 5.0 Microsoft Asp.net Core 6.0 +8 more

Timeline

PublishedDec 15

Description

ASP.NET Core and Visual Studio Elevation of Privilege Vulnerability

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages11 packages

▶CVEListV5microsoft/microsoft_visual_studio_2019_version_16.716.0.0 — 16.7.23

▶CVEListV5microsoft/microsoft_visual_studio_2019_version_16.915.0.0 — 16.9.15

▶CVEListV5microsoft/microsoft_visual_studio_2022_version_17.017.0.0 — 17.0.3

▶CVEListV5microsoft/microsoft_visual_studio_2022_version_17.117.0.0 — 17.1.4

▶CVEListV5microsoft/microsoft_visual_studio_2019_version_16.1116.11.0 — 16.11.8

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

1

CVEList

ASP.NET Core and Visual Studio Elevation of Privilege Vulnerability↗2021-12-15

▶

📋Vendor Advisories

2

Microsoft

ASP.NET Core and Visual Studio Elevation of Privilege Vulnerability↗2021-12-14

▶

Red Hat

dotnet: ASPNetCore processPath privilege escalation↗2021-12-14

▶

CVE-2021-43877 — Improper Input Validation in Microsoft | cvebase