Vulnerabilities > CVE-2018-0784 - Unspecified vulnerability in Microsoft Asp.Net Core 2.0

047910
CVSS 8.8 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
microsoft
nessus

Summary

ASP.NET Core 1.0. 1.1, and 2.0 allow an elevation of privilege vulnerability due to the ASP.NET Core project templates, aka "ASP.NET Core Elevation Of Privilege Vulnerability". This CVE is unique from CVE-2018-0808.

Vulnerable Configurations

Part Description Count
Application
Microsoft
1

Nessus

NASL familyWindows
NASL idSMB_NT_MS18_ASPDOT_NET_214.NASL
descriptionThe remote Windows host has an installation of ASP.NET Core and .NET Core SDK with a version less than 2.1.4. Therefore, the host is affected by multiple vulnerabilities: - An elevation of privilege vulnerability due to improper sanitization of web requests (CVE-2018-0784) - A cross-site request forgery that could allow an attacker to change the recovery codes of a victims account. (CVE-2018-0785)
last seen2020-06-01
modified2020-06-02
plugin id105796
published2018-01-13
reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
sourcehttps://www.tenable.com/plugins/nessus/105796
titleSecurity Update for ASP.NET Core January 2018