1. CVE-Search
  2. CVE-2018-8202
ID CVE-2018-8202
Summary An elevation of privilege vulnerability exists in .NET Framework which could allow an attacker to elevate their privilege level, aka ".NET Framework Elevation of Privilege Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.2.
References
Vulnerable Configurations
  • cpe:2.3:a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:*
    cpe:2.3:a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:.net_framework:3.0:sp2:*:*:*:*:*:*
    cpe:2.3:a:microsoft:.net_framework:3.0:sp2:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:.net_framework:3.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:.net_framework:3.5.1:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:.net_framework:4.5.2:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:.net_framework:4.5.2:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:.net_framework:4.6:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:.net_framework:4.6:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:.net_framework:4.6.1:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:.net_framework:4.6.1:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server:1709:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_server:1709:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server:1803:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_server:1803:*:*:*:*:*:*:*
CVSS
Base: 7.2 (as of 23-05-2022 - 17:29)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:L/AC:L/Au:N/C:C/I:C/A:C
refmap via4
bid 104665
confirm https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8202
sectrack 1041257
Last major update 23-05-2022 - 17:29
Published 11-07-2018 - 00:29
Last modified 23-05-2022 - 17:29
Back to Top