Details of VAR-202112-1833

ID

VAR-202112-1833

CVE

CVE-2021-43877

TITLE

ASP.NET Core and Microsoft Visual Studio Vulnerability to elevate privileges in

Trust: 0.8

sources: JVNDB: JVNDB-2021-006050

DESCRIPTION

ASP.NET Core and Visual Studio Elevation of Privilege Vulnerability. The framework is used to build cloud-based applications such as web apps, IoT apps, and mobile backends. Visual Studio Code is an open source code editor

Trust: 2.16

sources: NVD: CVE-2021-43877 // JVNDB: JVNDB-2021-006050 // CNNVD: CNNVD-202112-1181

AFFECTED PRODUCTS

vendor:	microsoft	model:	asp.net core	scope:	eq	version:	6.0	Trust: 1.0
vendor:	microsoft	model:	visual studio 2019	scope:	eq	version:	16.7	Trust: 1.0
vendor:	microsoft	model:	asp.net core	scope:	eq	version:	3.1	Trust: 1.0
vendor:	microsoft	model:	visual studio 2022	scope:	eq	version:	17.0	Trust: 1.0
vendor:	microsoft	model:	asp.net core	scope:	eq	version:	5.0	Trust: 1.0
vendor:	microsoft	model:	visual studio 2019	scope:	eq	version:	16.9	Trust: 1.0
vendor:	microsoft	model:	visual studio 2019	scope:	eq	version:	16.11	Trust: 1.0
vendor:	マイクロソフト	model:	microsoft visual studio	scope:	eq	version:	2019 16.11 (includes 16.0 - 16.10)	Trust: 0.8
vendor:	マイクロソフト	model:	microsoft visual studio	scope:	eq	version:	2019 16.9 (includes 16.0 - 16.8)	Trust: 0.8
vendor:	マイクロソフト	model:	microsoft visual studio	scope:	eq	version:	2022 17.0	Trust: 0.8
vendor:	マイクロソフト	model:	microsoft visual studio	scope:	eq	version:	2019 16.7 (includes 16.0 - 16.6)	Trust: 0.8
vendor:	マイクロソフト	model:	asp.net core	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-006050 // NVD: CVE-2021-43877

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-43877
value:	HIGH
Trust: 1.0
secure@microsoft.com:	CVE-2021-43877
value:	HIGH
Trust: 1.0
NVD:	CVE-2021-43877
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202112-1181
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2021-43877
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8

nvd@nist.gov:	CVE-2021-43877
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
secure@microsoft.com:	CVE-2021-43877
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.0
impactScore:	6.0
version:	3.1
Trust: 1.0
NVD:	CVE-2021-43877
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2021-006050 // CNNVD: CNNVD-202112-1181 // NVD: CVE-2021-43877 // NVD: CVE-2021-43877

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	Improper authority management (CWE-269) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-006050 // NVD: CVE-2021-43877

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202112-1181

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-202112-1181

PATCH

title:	ASP.NET Core and Visual Studio Elevation of Privilege Vulnerability Security Update Guide	url:	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-43877	Trust: 0.8
title:	Microsoft Visual Studio Fixes for permissions and access control issues vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=174413	Trust: 0.6

sources: JVNDB: JVNDB-2021-006050 // CNNVD: CNNVD-202112-1181

EXTERNAL IDS

db:	NVD	id:	CVE-2021-43877	Trust: 3.2
db:	JVNDB	id:	JVNDB-2021-006050	Trust: 0.8
db:	CS-HELP	id:	SB2021121451	Trust: 0.6
db:	CNNVD	id:	CNNVD-202112-1181	Trust: 0.6

sources: JVNDB: JVNDB-2021-006050 // CNNVD: CNNVD-202112-1181 // NVD: CVE-2021-43877

REFERENCES

url:	https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2021-43877	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2021-43877	Trust: 1.4
url:	https://www.ipa.go.jp/security/ciadr/vul/20211215-ms.html	Trust: 0.8
url:	https://www.jpcert.or.jp/at/2021/at210051.html	Trust: 0.8
url:	https://www.cybersecurity-help.cz/vdb/sb2021121451	Trust: 0.6
url:	https://access.redhat.com/security/cve/cve-2021-43877	Trust: 0.6
url:	https://msrc.microsoft.com/update-guide/vulnerability/cve-2021-43877	Trust: 0.6

sources: JVNDB: JVNDB-2021-006050 // CNNVD: CNNVD-202112-1181 // NVD: CVE-2021-43877

CREDITS

Rami Abughazaleh

Trust: 0.6

sources: CNNVD: CNNVD-202112-1181

SOURCES

db:	JVNDB	id:	JVNDB-2021-006050
db:	CNNVD	id:	CNNVD-202112-1181
db:	NVD	id:	CVE-2021-43877

LAST UPDATE DATE

2024-08-14T13:22:59.418000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2021-006050	date:	2021-12-24T07:35:00
db:	CNNVD	id:	CNNVD-202112-1181	date:	2022-07-14T00:00:00
db:	NVD	id:	CVE-2021-43877	date:	2023-12-28T00:15:11.683

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2021-006050	date:	2021-12-24T00:00:00
db:	CNNVD	id:	CNNVD-202112-1181	date:	2021-12-14T00:00:00
db:	NVD	id:	CVE-2021-43877	date:	2021-12-15T15:15:10.950