ID CVE-2018-0786
Summary Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, .NET Core 1.0 and 2.0, and PowerShell Core 6.0.0 allow a security feature bypass vulnerability due to the way certificates are validated, aka ".NET Security Feature Bypass Vulnerability."
References
Vulnerable Configurations
  • Microsoft .NET Core 1.0
    cpe:2.3:a:microsoft:.net_core:1.0
  • cpe:2.3:a:microsoft:.net_core:2.0
    cpe:2.3:a:microsoft:.net_core:2.0
  • cpe:2.3:a:microsoft:powershell_core:6.0.0
    cpe:2.3:a:microsoft:powershell_core:6.0.0
  • Microsoft .NET Framework 2.0 Service Pack 2
    cpe:2.3:a:microsoft:.net_framework:2.0:sp2
  • Microsoft .NET Framework Version 3.0 Service Pack 2
    cpe:2.3:a:microsoft:.net_framework:3.0:sp2
  • Microsoft Windows Server 2008 Service Pack 2
    cpe:2.3:o:microsoft:windows_server_2008:-:sp2
  • Microsoft .net Framework 3.5
    cpe:2.3:a:microsoft:.net_framework:3.5
  • cpe:2.3:o:microsoft:windows_10
    cpe:2.3:o:microsoft:windows_10
  • cpe:2.3:o:microsoft:windows_10:1511
    cpe:2.3:o:microsoft:windows_10:1511
  • cpe:2.3:o:microsoft:windows_10:1607
    cpe:2.3:o:microsoft:windows_10:1607
  • Microsoft Windows 10 1703
    cpe:2.3:o:microsoft:windows_10:1703
  • Microsoft Windows 10 1709
    cpe:2.3:o:microsoft:windows_10:1709
  • cpe:2.3:o:microsoft:windows_8.1
    cpe:2.3:o:microsoft:windows_8.1
  • Microsoft Windows Server 2012
    cpe:2.3:o:microsoft:windows_server_2012
  • cpe:2.3:o:microsoft:windows_server_2012:r2
    cpe:2.3:o:microsoft:windows_server_2012:r2
  • Microsoft Windows Server 2016
    cpe:2.3:o:microsoft:windows_server_2016
  • Microsoft .net Framework 3.5.1
    cpe:2.3:a:microsoft:.net_framework:3.5.1
  • cpe:2.3:o:microsoft:windows_7:-:sp1
    cpe:2.3:o:microsoft:windows_7:-:sp1
  • cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:-:-:-:-:itanium
    cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:-:-:-:-:itanium
  • cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:-:-:-:-:x64
    cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:-:-:-:-:x64
  • Microsoft .net Framework 4.5.2
    cpe:2.3:a:microsoft:.net_framework:4.5.2
  • cpe:2.3:o:microsoft:windows_7:-:sp1
    cpe:2.3:o:microsoft:windows_7:-:sp1
  • cpe:2.3:o:microsoft:windows_8.1
    cpe:2.3:o:microsoft:windows_8.1
  • Microsoft Windows RT 8.1
    cpe:2.3:o:microsoft:windows_rt_8.1
  • Microsoft Windows Server 2008 Service Pack 2
    cpe:2.3:o:microsoft:windows_server_2008:-:sp2
  • cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:-:-:-:-:x64
    cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:-:-:-:-:x64
  • Microsoft Windows Server 2012
    cpe:2.3:o:microsoft:windows_server_2012
  • cpe:2.3:o:microsoft:windows_server_2012:r2
    cpe:2.3:o:microsoft:windows_server_2012:r2
  • Microsoft .net Framework 4.6
    cpe:2.3:a:microsoft:.net_framework:4.6
  • cpe:2.3:o:microsoft:windows_10
    cpe:2.3:o:microsoft:windows_10
  • Microsoft Windows Server 2008 Service Pack 2
    cpe:2.3:o:microsoft:windows_server_2008:-:sp2
  • Microsoft .NET Framework 4.6.1
    cpe:2.3:a:microsoft:.net_framework:4.6.1
  • cpe:2.3:o:microsoft:windows_10:1511
    cpe:2.3:o:microsoft:windows_10:1511
  • Microsoft .NET Framework 4.6.2
    cpe:2.3:a:microsoft:.net_framework:4.6.2
  • Microsoft .NET Framework 4.7.0
    cpe:2.3:a:microsoft:.net_framework:4.7
  • cpe:2.3:o:microsoft:windows_10:1607
    cpe:2.3:o:microsoft:windows_10:1607
  • Microsoft Windows Server 2016
    cpe:2.3:o:microsoft:windows_server_2016
  • Microsoft .net Framework 4.6
    cpe:2.3:a:microsoft:.net_framework:4.6
  • Microsoft .NET Framework 4.6.1
    cpe:2.3:a:microsoft:.net_framework:4.6.1
  • Microsoft .NET Framework 4.6.2
    cpe:2.3:a:microsoft:.net_framework:4.6.2
  • Microsoft .NET Framework 4.7.0
    cpe:2.3:a:microsoft:.net_framework:4.7
  • cpe:2.3:o:microsoft:windows_7:-:sp1
    cpe:2.3:o:microsoft:windows_7:-:sp1
  • cpe:2.3:o:microsoft:windows_8.1
    cpe:2.3:o:microsoft:windows_8.1
  • Microsoft Windows RT 8.1
    cpe:2.3:o:microsoft:windows_rt_8.1
  • cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:-:-:-:-:x64
    cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:-:-:-:-:x64
  • Microsoft Windows Server 2012
    cpe:2.3:o:microsoft:windows_server_2012
  • cpe:2.3:o:microsoft:windows_server_2012:r2
    cpe:2.3:o:microsoft:windows_server_2012:r2
  • Microsoft .NET Framework 4.7.0
    cpe:2.3:a:microsoft:.net_framework:4.7
  • Microsoft Windows 10 1703
    cpe:2.3:o:microsoft:windows_10:1703
  • Microsoft .NET Framework 4.7.1
    cpe:2.3:a:microsoft:.net_framework:4.7.1
  • Microsoft Windows 10 1709
    cpe:2.3:o:microsoft:windows_10:1709
CVSS
Base: 5.0
Impact:
Exploitability:
CWE CWE-254
CAPEC
msbulletin via4
bulletin_SOURCE_FILE https://portal.msrc.microsoft.com/api/security-guidance/en-us/
cves_url https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0786
impact Security Feature Bypass
knowledgebase_SOURCE_FILE
knowledgebase_id
name Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7
publishedDate 2018-01-09T08:00:00
severity Important
nessus via4
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_MS18_JAN_DOTNET_CORE.NASL
    description The Microsoft .NET Core runtime installed on the remote macOS or Mac OS X host is missing a security update. It is, therefore, affected by multiple vulnerabilities : - A security feature bypass in X509 Certificate Validation allows an attacker to present a certificate that is marked as invalid for a specific use, but a component uses it for that purpose. (CVE-2018-0786) - A denial of service vulnerability exists due to improper processing of XML documents. An attacker who successfully exploited this vulnerability could cause a denial of service against a .NET application. A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to a .NET Core application. (CVE-2018-0764)
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 105729
    published 2018-01-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=105729
    title Security Update for .NET Core (January 2018) (macOS)
  • NASL family Windows : Microsoft Bulletins
    NASL id SMB_NT_MS18_JAN_4055266.NASL
    description The .NET Framework installation on the remote host is missing a security update. It is, therefore, affected by the following vulnerabilities: - A Denial of Service vulnerability exists when .NET, and .NET core, improperly process XML documents. An attacker who successfully exploited this vulnerability could cause a denial of service against a .NET application. A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to a .NET(or .NET core) application. (CVE-2018-0764) - A security feature bypass vulnerability exists when Microsoft .NET Framework (and .NET Core) components do not completely validate certificates. An attacker could present a certificate that is marked invalid for a specific use, but the component uses it for that purpose. This action disregards the Enhanced Key Usage taggings. (CVE-2018-0786)
    last seen 2019-02-21
    modified 2018-08-03
    plugin id 105731
    published 2018-01-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=105731
    title Security and Quality Rollup for .NET Framework (January 2018)
  • NASL family Windows
    NASL id SMB_NT_MS18_JAN_DOTNET_CORE.NASL
    description The remote Windows host has an installation of .NET Core with a version less than 2.0.5. Therefore, the host is affected by multiple vulnerabilities : - A security feature bypass in X509 Certificate Validation allows an attacker to present a certificate that is marked as invalid for a specific use, but a component uses it for that purpose. (CVE-2018-0786) - A denial of service vulnerability exists due to improper processing of XML documents. An attacker who successfully exploited this vulnerability could cause a denial of service against a .NET application. A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to a .NET Core application. (CVE-2018-0764)
    last seen 2019-02-21
    modified 2018-07-30
    plugin id 105730
    published 2018-01-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=105730
    title Security Update for .NET Core (January 2018)
refmap via4
bid 102380
confirm https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0786
sectrack 1040152
the hacker news via4
id THN:ED087560040A02BCB1F68DE406A7F577
last seen 2018-01-27
modified 2018-01-11
published 2018-01-09
reporter Mohit Kumar
source https://thehackernews.com/2018/01/microsoft-security-patch.html
title Microsoft Releases Patches for 16 Critical Flaws, Including a Zero-Day
Last major update 09-01-2018 - 20:29
Published 09-01-2018 - 20:29
Last modified 25-03-2019 - 15:17
Back to Top