ID

VAR-202112-1833


CVE

CVE-2021-43877


TITLE

ASP.NET Core and Microsoft Visual Studio Vulnerability to elevate privileges in

Trust: 0.8

sources: JVNDB: JVNDB-2021-006050

DESCRIPTION

ASP.NET Core and Visual Studio Elevation of Privilege Vulnerability. The framework is used to build cloud-based applications such as web apps, IoT apps, and mobile backends. Visual Studio Code is an open source code editor

Trust: 2.16

sources: NVD: CVE-2021-43877 // JVNDB: JVNDB-2021-006050 // CNNVD: CNNVD-202112-1181

AFFECTED PRODUCTS

vendor: microsoft // model: asp.net core // scope: eq // version: 6.0

Trust: 1.0

vendor: microsoft // model: visual studio 2019 // scope: eq // version: 16.7

Trust: 1.0

vendor: microsoft // model: asp.net core // scope: eq // version: 3.1

Trust: 1.0

vendor: microsoft // model: visual studio 2022 // scope: eq // version: 17.0

Trust: 1.0

vendor: microsoft // model: asp.net core // scope: eq // version: 5.0

Trust: 1.0

vendor: microsoft // model: visual studio 2019 // scope: eq // version: 16.9

Trust: 1.0

vendor: microsoft // model: visual studio 2019 // scope: eq // version: 16.11

Trust: 1.0

vendor: Microsoft // model: microsoft visual studio // scope: eq // version: 2019 16.11 (includes 16.0 - 16.10)

Trust: 0.8

vendor: Microsoft // model: microsoft visual studio // scope: eq // version: 2019 16.9 (includes 16.0 - 16.8)

Trust: 0.8

vendor: Microsoft // model: microsoft visual studio // scope: eq // version: 2022 17.0

Trust: 0.8

vendor: Microsoft // model: microsoft visual studio // scope: eq // version: 2019 16.7 (includes 16.0 - 16.6)

Trust: 0.8

vendor: Microsoft // model: asp.net core // scope: - // version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-006050 // NVD: CVE-2021-43877

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-43877
value: HIGH

Trust: 1.0

secure@microsoft.com: CVE-2021-43877
value: HIGH

Trust: 1.0

NVD: CVE-2021-43877
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202112-1181
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2021-43877
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

nvd@nist.gov: CVE-2021-43877
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

secure@microsoft.com: CVE-2021-43877
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.0
impactScore: 6.0
version: 3.1

Trust: 1.0

NVD: CVE-2021-43877
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2021-006050 // CNNVD: CNNVD-202112-1181 // NVD: CVE-2021-43877 // NVD: CVE-2021-43877

PROBLEMTYPE DATA

problemtype: NVD-CWE-noinfo

Trust: 1.0

problemtype: Improper authority management (CWE-269) [NVD Evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2021-006050 // NVD: CVE-2021-43877

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202112-1181

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-202112-1181

PATCH

title: ASP.NET Core and Visual Studio Elevation of Privilege Vulnerability Security Update Guide // url: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-43877

Trust: 0.8

title: Microsoft Visual Studio Fixes for permissions and access control issues vulnerabilities // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=174413

Trust: 0.6

sources: JVNDB: JVNDB-2021-006050 // CNNVD: CNNVD-202112-1181

EXTERNAL IDS

db: NVD // id: CVE-2021-43877

Trust: 3.2

db: JVNDB // id: JVNDB-2021-006050

Trust: 0.8

db: CS-HELP // id: SB2021121451

Trust: 0.6

db: CNNVD // id: CNNVD-202112-1181

Trust: 0.6

sources: JVNDB: JVNDB-2021-006050 // CNNVD: CNNVD-202112-1181 // NVD: CVE-2021-43877

REFERENCES

url: https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2021-43877

Trust: 1.6

url: https://nvd.nist.gov/vuln/detail/cve-2021-43877

Trust: 1.4

url: https://www.ipa.go.jp/security/ciadr/vul/20211215-ms.html

Trust: 0.8

url: https://www.jpcert.or.jp/at/2021/at210051.html

Trust: 0.8

url: https://www.cybersecurity-help.cz/vdb/sb2021121451

Trust: 0.6

url: https://access.redhat.com/security/cve/cve-2021-43877

Trust: 0.6

url: https://msrc.microsoft.com/update-guide/vulnerability/cve-2021-43877

Trust: 0.6

sources: JVNDB: JVNDB-2021-006050 // CNNVD: CNNVD-202112-1181 // NVD: CVE-2021-43877

CREDITS

Rami Abughazaleh

Trust: 0.6

sources: CNNVD: CNNVD-202112-1181

SOURCES

db: JVNDB // id: JVNDB-2021-006050
db: CNNVD // id: CNNVD-202112-1181
db: NVD // id: CVE-2021-43877

LAST UPDATE DATE

2024-08-14T13:22:59.418000+00:00


SOURCES UPDATE DATE

db: JVNDB // id: JVNDB-2021-006050 // date: 2021-12-24T07:35:00
db: CNNVD // id: CNNVD-202112-1181 // date: 2022-07-14T00:00:00
db: NVD // id: CVE-2021-43877 // date: 2023-12-28T00:15:11.683

SOURCES RELEASE DATE

db: JVNDB // id: JVNDB-2021-006050 // date: 2021-12-24T00:00:00
db: CNNVD // id: CNNVD-202112-1181 // date: 2021-12-14T00:00:00
db: NVD // id: CVE-2021-43877 // date: 2021-12-15T15:15:10.950