CVE-2018-0784 - ASP.NET Core 1.0. 1.1, and 2.0 allow an elevation of privilege vulnerability due to the ASP.NET Core

CVE-2018-0784

Summary

ASP.NET Core 1.0. 1.1, and 2.0 allow an elevation of privilege vulnerability due to the ASP.NET Core project templates, aka "ASP.NET Core Elevation Of Privilege Vulnerability". This CVE is unique from CVE-2018-0808.

References

http://www.securityfocus.com/bid/102377
http://www.securitytracker.com/id/1040151
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0784

Vulnerable Configurations

cpe:2.3:a:microsoft:asp.net_core:2.0:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:asp.net_core:2.0:*:*:*:*:*:*:*

CVSS

Base:	6.8 (as of 03-10-2019 - 00:03)
Impact:
Exploitability:

CWE

NVD-CWE-noinfo

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:P/I:P/A:P

refmap via4

bid	102377
confirm	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0784
sectrack	1040151

Last major update

03-10-2019 - 00:03

Published

10-01-2018 - 01:29

Last modified

03-10-2019 - 00:03