Sign-up

ID

VAR-201801-1126


CVE

CVE-2018-0784


TITLE

ASP.NET Core Vulnerability in which privileges are elevated

Trust: 0.8

sources: JVNDB: JVNDB-2018-001241

DESCRIPTION

ASP.NET Core 1.0. 1.1, and 2.0 allow an elevation of privilege vulnerability due to the ASP.NET Core project templates, aka "ASP.NET Core Elevation Of Privilege Vulnerability". This CVE is unique from CVE-2018-0808. This vulnerability CVE-2018-0808 Is a different vulnerability.Your privilege may be elevated. Microsoft ASP.NET Core is a cross-platform open source framework of Microsoft Corporation of the United States. The framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends. An attacker could use this vulnerability to perform a content injection attack and execute a script in the current user's security context. An attacker can exploit this issue to gain elevated privileges

Trust: 2.97

sources: NVD: CVE-2018-0784 // JVNDB: JVNDB-2018-001241 // CNVD: CNVD-2018-00899 // CNNVD: CNNVD-201801-406 // BID: 102377

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-00899

AFFECTED PRODUCTS

vendor:microsoftmodel:asp.net corescope:eqversion:2.0

Trust: 3.3

vendor:microsoftmodel:windows version for 32-bit systemsscope:eqversion:1017030

Trust: 0.3

vendor:microsoftmodel:asp.netscope:eqversion:0

Trust: 0.3

sources: CNVD: CNVD-2018-00899 // BID: 102377 // JVNDB: JVNDB-2018-001241 // CNNVD: CNNVD-201801-406 // NVD: CVE-2018-0784

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-0784
value: HIGH

Trust: 1.0

NVD: CVE-2018-0784
value: HIGH

Trust: 0.8

CNVD: CNVD-2018-00899
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201801-406
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2018-0784
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-00899
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2018-0784
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-00899 // JVNDB: JVNDB-2018-001241 // CNNVD: CNNVD-201801-406 // NVD: CVE-2018-0784

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-264

Trust: 0.8

sources: JVNDB: JVNDB-2018-001241 // NVD: CVE-2018-0784

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201801-406

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201801-406

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-001241

PATCH
title:CVE-2018-0784 | ASP.NET Core Elevation Of Privilege Vulnerabilityurl:https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0784
Trust: 0.8
title:CVE-2018-0784 | ASP.NET Core の特権の昇格の脆弱性url:https://portal.msrc.microsoft.com/ja-jp/security-guidance/advisory/CVE-2018-0784
Trust: 0.8
title:Patch for Microsoft ASP.NET Core Privilege Escalation Vulnerability (CNVD-2018-00899)url:https://www.cnvd.org.cn/patchInfo/show/113385
Trust: 0.6
title:Microsoft ASP.NET Core Fixes for permission permissions and access control vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=77661
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2018-00899 // 
            
            
            
            JVNDB: JVNDB-2018-001241 // 
            
            
            
            CNNVD: CNNVD-201801-406

EXTERNAL IDS
db:NVDid:CVE-2018-0784
Trust: 3.3
db:BIDid:102377
Trust: 2.5
db:SECTRACKid:1040151
Trust: 2.2
db:JVNDBid:JVNDB-2018-001241
Trust: 0.8
db:CNVDid:CNVD-2018-00899
Trust: 0.6
db:CNNVDid:CNNVD-201801-406
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2018-00899 // 
            
            
            
            BID: 102377 // 
            
            
            
            JVNDB: JVNDB-2018-001241 // 
            
            
            
            CNNVD: CNNVD-201801-406 // 
            
            
            
            NVD: CVE-2018-0784

REFERENCES
url:http://www.securityfocus.com/bid/102377
Trust: 2.2
url:http://www.securitytracker.com/id/1040151
Trust: 2.2
url:https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2018-0784
Trust: 1.9
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0784
Trust: 0.8
url:https://www.ipa.go.jp/security/ciadr/vul/20180110-ms.html
Trust: 0.8
url:http://www.jpcert.or.jp/at/2018/at180002.html
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-0784
Trust: 0.8
url:http://www.microsoft.com
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2018-00899 // 
            
            
            
            BID: 102377 // 
            
            
            
            JVNDB: JVNDB-2018-001241 // 
            
            
            
            CNNVD: CNNVD-201801-406 // 
            
            
            
            NVD: CVE-2018-0784

CREDITS
Kévin Chalet
Trust: 0.3
sources:
            
            
            BID: 102377

SOURCES
db:CNVDid:CNVD-2018-00899
db:BIDid:102377
db:JVNDBid:JVNDB-2018-001241
db:CNNVDid:CNNVD-201801-406
db:NVDid:CVE-2018-0784

LAST UPDATE DATE
2024-08-14T13:29:17.425000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2018-00899date:2018-01-15T00:00:00
db:BIDid:102377date:2018-01-09T00:00:00
db:JVNDBid:JVNDB-2018-001241date:2018-02-02T00:00:00
db:CNNVDid:CNNVD-201801-406date:2019-10-23T00:00:00
db:NVDid:CVE-2018-0784date:2019-10-03T00:03:26.223

SOURCES RELEASE DATE
db:CNVDid:CNVD-2018-00899date:2018-01-15T00:00:00
db:BIDid:102377date:2018-01-09T00:00:00
db:JVNDBid:JVNDB-2018-001241date:2018-02-02T00:00:00
db:CNNVDid:CNNVD-201801-406date:2018-01-11T00:00:00
db:NVDid:CVE-2018-0784date:2018-01-10T01:29:00.243