Vulnerabilities > CVE-2018-0784 - Unspecified vulnerability in Microsoft Asp.Net Core 2.0
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
ASP.NET Core 1.0. 1.1, and 2.0 allow an elevation of privilege vulnerability due to the ASP.NET Core project templates, aka "ASP.NET Core Elevation Of Privilege Vulnerability". This CVE is unique from CVE-2018-0808.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Nessus
| NASL family | Windows |
| NASL id | SMB_NT_MS18_ASPDOT_NET_214.NASL |
| description | The remote Windows host has an installation of ASP.NET Core and .NET Core SDK with a version less than 2.1.4. Therefore, the host is affected by multiple vulnerabilities: - An elevation of privilege vulnerability due to improper sanitization of web requests (CVE-2018-0784) - A cross-site request forgery that could allow an attacker to change the recovery codes of a victims account. (CVE-2018-0785) |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 105796 |
| published | 2018-01-13 |
| reporter | This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
| source | https://www.tenable.com/plugins/nessus/105796 |
| title | Security Update for ASP.NET Core January 2018 |