ID

VAR-202102-1065


CVE

CVE-2021-24112


TITLE

plural  Microsoft  Remote Code Execution Vulnerability in Product

Trust: 0.8

sources: JVNDB: JVNDB-2021-004039

DESCRIPTION

.NET Core Remote Code Execution Vulnerability

Trust: 1.71

sources: NVD: CVE-2021-24112 // JVNDB: JVNDB-2021-004039 // VULMON: CVE-2021-24112

AFFECTED PRODUCTS

vendor:microsoftmodel:visual studio 2019scope:eqversion: -

Trust: 1.0

vendor:microsoftmodel:monoscope:ltversion:6.12.0.122

Trust: 1.0

vendor:microsoftmodel:.net corescope:lteversion:2.1.24

Trust: 1.0

vendor:microsoftmodel:monoscope:gteversion:6.12.0

Trust: 1.0

vendor:microsoftmodel:.net corescope:gteversion:2.1

Trust: 1.0

vendor:microsoftmodel:.net corescope:lteversion:3.1.11

Trust: 1.0

vendor:microsoftmodel:.netscope:gteversion:5.0

Trust: 1.0

vendor:microsoftmodel:.netscope:lteversion:5.0.2

Trust: 1.0

vendor:microsoftmodel:.net corescope:gteversion:3.1

Trust: 1.0

vendor:マイクロソフトmodel:.net corescope: - version: -

Trust: 0.8

vendor:マイクロソフトmodel:.netscope: - version: -

Trust: 0.8

vendor:マイクロソフトmodel:microsoft visual studioscope: - version: -

Trust: 0.8

vendor:マイクロソフトmodel:monoscope:eqversion:6.12.0

Trust: 0.8

sources: JVNDB: JVNDB-2021-004039 // NVD: CVE-2021-24112

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-24112
value: CRITICAL

Trust: 1.0

secure@microsoft.com: CVE-2021-24112
value: HIGH

Trust: 1.0

NVD: CVE-2021-24112
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-202102-681
value: CRITICAL

Trust: 0.6

VULMON: CVE-2021-24112
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2021-24112
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

nvd@nist.gov: CVE-2021-24112
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

secure@microsoft.com: CVE-2021-24112
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2021-24112
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULMON: CVE-2021-24112 // JVNDB: JVNDB-2021-004039 // CNNVD: CNNVD-202102-681 // NVD: CVE-2021-24112 // NVD: CVE-2021-24112

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:Lack of information (CWE-noinfo) [NVD Evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2021-004039 // NVD: CVE-2021-24112

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202102-681

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202102-681

PATCH

title:.NET Core Remote Code Execution Vulnerability Security Update Guideurl:https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-24112

Trust: 0.8

title:Microsoft .NET Core Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=143004

Trust: 0.6

title:Red Hat: CVE-2021-24112url:https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2021-24112

Trust: 0.1

title:Arch Linux Advisories: [ASA-202103-17] dotnet-sdk: multiple issuesurl:https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-202103-17

Trust: 0.1

title:Arch Linux Issues: url:https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues&qid=CVE-2021-24112 log

Trust: 0.1

title:Arch Linux Advisories: [ASA-202103-16] dotnet-runtime: multiple issuesurl:https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-202103-16

Trust: 0.1

sources: VULMON: CVE-2021-24112 // JVNDB: JVNDB-2021-004039 // CNNVD: CNNVD-202102-681

EXTERNAL IDS

db:NVDid:CVE-2021-24112

Trust: 2.5

db:JVNDBid:JVNDB-2021-004039

Trust: 0.8

db:AUSCERTid:ESB-2021.2737

Trust: 0.6

db:CNNVDid:CNNVD-202102-681

Trust: 0.6

db:VULMONid:CVE-2021-24112

Trust: 0.1

sources: VULMON: CVE-2021-24112 // JVNDB: JVNDB-2021-004039 // CNNVD: CNNVD-202102-681 // NVD: CVE-2021-24112

REFERENCES

url:https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2021-24112

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2021-24112

Trust: 1.4

url:https://www.ipa.go.jp/security/ciadr/vul/20210210-ms.html

Trust: 0.8

url:https://www.jpcert.or.jp/at/2021/at210008.html

Trust: 0.8

url:https://msrc.microsoft.com/update-guide/vulnerability/cve-2021-24112

Trust: 0.6

url:https://vigilance.fr/vulnerability/microsoft-net-core-vulnerabilities-of-february-2021-34547

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2737

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-24112

Trust: 0.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/196351

Trust: 0.1

sources: VULMON: CVE-2021-24112 // JVNDB: JVNDB-2021-004039 // CNNVD: CNNVD-202102-681 // NVD: CVE-2021-24112

SOURCES

db:VULMONid:CVE-2021-24112
db:JVNDBid:JVNDB-2021-004039
db:CNNVDid:CNNVD-202102-681
db:NVDid:CVE-2021-24112

LAST UPDATE DATE

2024-08-14T12:15:30.869000+00:00


SOURCES UPDATE DATE

db:VULMONid:CVE-2021-24112date:2021-02-26T00:00:00
db:JVNDBid:JVNDB-2021-004039date:2021-11-12T05:18:00
db:CNNVDid:CNNVD-202102-681date:2021-08-13T00:00:00
db:NVDid:CVE-2021-24112date:2023-12-29T17:15:59.173

SOURCES RELEASE DATE

db:VULMONid:CVE-2021-24112date:2021-02-25T00:00:00
db:JVNDBid:JVNDB-2021-004039date:2021-11-12T00:00:00
db:CNNVDid:CNNVD-202102-681date:2021-02-09T00:00:00
db:NVDid:CVE-2021-24112date:2021-02-25T23:15:16.570