CVE-2018-8356
Description
A security feature bypass vulnerability exists when Microsoft .NET Framework components do not correctly validate certificates, aka ".NET Framework Security Feature Bypass Vulnerability." This affects .NET Framework 4.7.2, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, ASP.NET Core 1.1, Microsoft .NET Framework 4.5.2, ASP.NET Core 2.0, ASP.NET Core 1.0, .NET Core 1.1, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, .NET Core 1.0, .NET Core 2.0, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.2.
Related CPE's
References
CvssV3 impact
BaseSeverity | MEDIUM |
ConfidentialityImpact | NONE |
AttackComplexity | LOW |
Scope | UNCHANGED |
AttackVector | LOCAL |
AvailabilityImpact | NONE |
IntegrityImpact | HIGH |
PrivilegesRequired | LOW |
BaseScore | 5.5 |
VectorString | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N |
Version | 3.0 |
UserInteraction | NONE |
CvssV2 impact
Version | 2.0 |
VectorString | AV:L/AC:L/Au:N/C:N/I:P/A:N |
AccessVector | LOCAL |
AccessComplexity | LOW |
Authentication | NONE |
ConfidentialityImpact | NONE |
IntegrityImpact | PARTIAL |
AvailabilityImpact | NONE |
BaseScore | 2.1 |