ID

VAR-202311-0474


CVE

CVE-2023-36558


TITLE

Microsoft's multiple  Microsoft  Vulnerabilities that bypass security features in products

Trust: 0.8

sources: JVNDB: JVNDB-2023-007579

DESCRIPTION

ASP.NET Core - Security Feature Bypass Vulnerability. ========================================================================== Ubuntu Security Notice USN-6480-1 November 15, 2023 dotnet6, dotnet7, dotnet8 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 23.10 - Ubuntu 23.04 - Ubuntu 22.04 LTS Summary: Several security issues were fixed in .NET. Software Description: - dotnet6: dotNET CLI tools and runtime - dotnet7: dotNET CLI tools and runtime - dotnet8: dotNET CLI tools and runtime Details: Barry Dorrans discovered that .NET did not properly implement certain security features for Blazor server forms. An attacker could possibly use this issue to bypass validation, which could trigger unintended actions. (CVE-2023-36558) Piotr Bazydlo discovered that .NET did not properly handle untrusted URIs provided to System.Net.WebRequest.Create. An attacker could possibly use this issue to inject arbitrary commands to backend FTP servers. (CVE-2023-36049) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 23.10: aspnetcore-runtime-6.0 6.0.125-0ubuntu1~23.10.1 aspnetcore-runtime-7.0 7.0.114-0ubuntu1~23.10.1 aspnetcore-runtime-8.0 8.0.0-0ubuntu1~23.10.1 dotnet-host 6.0.125-0ubuntu1~23.10.1 dotnet-host-7.0 7.0.114-0ubuntu1~23.10.1 dotnet-host-8.0 8.0.0-0ubuntu1~23.10.1 dotnet-hostfxr-6.0 6.0.125-0ubuntu1~23.10.1 dotnet-hostfxr-7.0 7.0.114-0ubuntu1~23.10.1 dotnet-hostfxr-8.0 8.0.0-0ubuntu1~23.10.1 dotnet-runtime-6.0 6.0.125-0ubuntu1~23.10.1 dotnet-runtime-7.0 7.0.114-0ubuntu1~23.10.1 dotnet-runtime-8.0 8.0.0-0ubuntu1~23.10.1 dotnet-sdk-6.0 6.0.125-0ubuntu1~23.10.1 dotnet-sdk-7.0 7.0.114-0ubuntu1~23.10.1 dotnet-sdk-8.0 8.0.100-0ubuntu1~23.10.1 dotnet6 6.0.125-0ubuntu1~23.10.1 dotnet7 7.0.114-0ubuntu1~23.10.1 dotnet8 8.0.100-8.0.0-0ubuntu1~23.10.1 Ubuntu 23.04: aspnetcore-runtime-6.0 6.0.125-0ubuntu1~23.04.1 aspnetcore-runtime-7.0 7.0.114-0ubuntu1~23.04.1 dotnet-host 6.0.125-0ubuntu1~23.04.1 dotnet-host-7.0 7.0.114-0ubuntu1~23.04.1 dotnet-hostfxr-6.0 6.0.125-0ubuntu1~23.04.1 dotnet-hostfxr-7.0 7.0.114-0ubuntu1~23.04.1 dotnet-runtime-6.0 6.0.125-0ubuntu1~23.04.1 dotnet-runtime-7.0 7.0.114-0ubuntu1~23.04.1 dotnet-sdk-6.0 6.0.125-0ubuntu1~23.04.1 dotnet-sdk-7.0 7.0.114-0ubuntu1~23.04.1 dotnet6 6.0.125-0ubuntu1~23.04.1 dotnet7 7.0.114-0ubuntu1~23.04.1 Ubuntu 22.04 LTS: aspnetcore-runtime-6.0 6.0.125-0ubuntu1~22.04.1 aspnetcore-runtime-7.0 7.0.114-0ubuntu1~22.04.1 dotnet-host 6.0.125-0ubuntu1~22.04.1 dotnet-host-7.0 7.0.114-0ubuntu1~22.04.1 dotnet-hostfxr-6.0 6.0.125-0ubuntu1~22.04.1 dotnet-hostfxr-7.0 7.0.114-0ubuntu1~22.04.1 dotnet-runtime-6.0 6.0.125-0ubuntu1~22.04.1 dotnet-runtime-7.0 7.0.114-0ubuntu1~22.04.1 dotnet-sdk-6.0 6.0.125-0ubuntu1~22.04.1 dotnet-sdk-7.0 7.0.114-0ubuntu1~22.04.1 dotnet6 6.0.125-0ubuntu1~22.04.1 dotnet7 7.0.114-0ubuntu1~22.04.1 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-6480-1 CVE-2023-36049, CVE-2023-36558 Package Information: https://launchpad.net/ubuntu/+source/dotnet6/6.0.125-0ubuntu1~23.10.1 https://launchpad.net/ubuntu/+source/dotnet7/7.0.114-0ubuntu1~23.10.1 https://launchpad.net/ubuntu/+source/dotnet8/8.0.100-8.0.0-0ubuntu1~23.10.1 https://launchpad.net/ubuntu/+source/dotnet6/6.0.125-0ubuntu1~23.04.1 https://launchpad.net/ubuntu/+source/dotnet7/7.0.114-0ubuntu1~23.04.1 https://launchpad.net/ubuntu/+source/dotnet6/6.0.125-0ubuntu1~22.04.1 https://launchpad.net/ubuntu/+source/dotnet7/7.0.114-0ubuntu1~22.04.1

Trust: 1.71

sources: NVD: CVE-2023-36558 // JVNDB: JVNDB-2023-007579 // PACKETSTORM: 175784

AFFECTED PRODUCTS

vendor:microsoftmodel:.netscope:ltversion:7.0.14

Trust: 1.0

vendor:microsoftmodel:asp.net corescope:ltversion:7.0.14

Trust: 1.0

vendor:microsoftmodel:visual studio 2022scope:ltversion:17.2.22

Trust: 1.0

vendor:microsoftmodel:visual studio 2022scope:ltversion:17.7.7

Trust: 1.0

vendor:microsoftmodel:.netscope:gteversion:7.0.0

Trust: 1.0

vendor:microsoftmodel:visual studio 2022scope:ltversion:17.4.14

Trust: 1.0

vendor:microsoftmodel:.netscope:eqversion:8.0.0

Trust: 1.0

vendor:microsoftmodel:visual studio 2022scope:gteversion:17.7

Trust: 1.0

vendor:microsoftmodel:visual studio 2022scope:ltversion:17.6.10

Trust: 1.0

vendor:microsoftmodel:.netscope:ltversion:6.0.25

Trust: 1.0

vendor:microsoftmodel:asp.net corescope:gteversion:6.0.0

Trust: 1.0

vendor:microsoftmodel:asp.net corescope:eqversion:8.0.0

Trust: 1.0

vendor:microsoftmodel:visual studio 2022scope:gteversion:17.2

Trust: 1.0

vendor:microsoftmodel:asp.net corescope:ltversion:6.0.25

Trust: 1.0

vendor:microsoftmodel:visual studio 2022scope:gteversion:17.6

Trust: 1.0

vendor:microsoftmodel:.netscope:gteversion:6.0.0

Trust: 1.0

vendor:microsoftmodel:visual studio 2022scope:gteversion:17.4

Trust: 1.0

vendor:microsoftmodel:asp.net corescope:gteversion:7.0.0

Trust: 1.0

vendor:マイクロソフトmodel:microsoft visual studioscope:eqversion:2022 17.2

Trust: 0.8

vendor:マイクロソフトmodel:microsoft visual studioscope:eqversion:2022 17.7

Trust: 0.8

vendor:マイクロソフトmodel:microsoft visual studioscope:eqversion:2022 17.4

Trust: 0.8

vendor:マイクロソフトmodel:.netscope: - version: -

Trust: 0.8

vendor:マイクロソフトmodel:asp.net corescope: - version: -

Trust: 0.8

vendor:マイクロソフトmodel:microsoft visual studioscope:eqversion:2022 17.6

Trust: 0.8

sources: JVNDB: JVNDB-2023-007579 // NVD: CVE-2023-36558

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2023-36558
value: MEDIUM

Trust: 1.0

secure@microsoft.com: CVE-2023-36558
value: MEDIUM

Trust: 1.0

NVD: CVE-2023-36558
value: MEDIUM

Trust: 0.8

nvd@nist.gov: CVE-2023-36558
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

secure@microsoft.com: CVE-2023-36558
baseSeverity: MEDIUM
baseScore: 6.2
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.5
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2023-36558
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2023-007579 // NVD: CVE-2023-36558 // NVD: CVE-2023-36558

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:Lack of information (CWE-noinfo) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2023-007579 // NVD: CVE-2023-36558

TYPE

arbitrary

Trust: 0.1

sources: PACKETSTORM: 175784

PATCH

title:ASP.NET Core - Security Feature Bypass Vulnerability Security Update Guideurl:https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-36558

Trust: 0.8

sources: JVNDB: JVNDB-2023-007579

EXTERNAL IDS

db:NVDid:CVE-2023-36558

Trust: 2.7

db:JVNid:JVNVU93250330

Trust: 0.8

db:ICS CERTid:ICSA-24-165-04

Trust: 0.8

db:JVNDBid:JVNDB-2023-007579

Trust: 0.8

db:PACKETSTORMid:175784

Trust: 0.1

sources: JVNDB: JVNDB-2023-007579 // PACKETSTORM: 175784 // NVD: CVE-2023-36558

REFERENCES

url:https://msrc.microsoft.com/update-guide/vulnerability/cve-2023-36558

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2023-36558

Trust: 0.9

url:https://jvn.jp/vu/jvnvu93250330/index.html

Trust: 0.8

url:https://www.ipa.go.jp/security/security-alert/2023/1115-ms.html

Trust: 0.8

url:https://www.jpcert.or.jp/at/2023/at230028.html

Trust: 0.8

url:https://www.cisa.gov/news-events/ics-advisories/icsa-24-165-04

Trust: 0.8

url:https://launchpad.net/ubuntu/+source/dotnet8/8.0.100-8.0.0-0ubuntu1~23.10.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/dotnet7/7.0.114-0ubuntu1~23.04.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/dotnet6/6.0.125-0ubuntu1~22.04.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/dotnet7/7.0.114-0ubuntu1~22.04.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/dotnet6/6.0.125-0ubuntu1~23.04.1

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-36049

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/dotnet7/7.0.114-0ubuntu1~23.10.1

Trust: 0.1

url:https://ubuntu.com/security/notices/usn-6480-1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/dotnet6/6.0.125-0ubuntu1~23.10.1

Trust: 0.1

sources: JVNDB: JVNDB-2023-007579 // PACKETSTORM: 175784 // NVD: CVE-2023-36558

CREDITS

Ubuntu

Trust: 0.1

sources: PACKETSTORM: 175784

SOURCES

db:JVNDBid:JVNDB-2023-007579
db:PACKETSTORMid:175784
db:NVDid:CVE-2023-36558

LAST UPDATE DATE

2024-08-14T12:57:09.646000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2023-007579date:2024-06-17T08:22:00
db:NVDid:CVE-2023-36558date:2023-11-21T20:01:19.307

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2023-007579date:2023-11-22T00:00:00
db:PACKETSTORMid:175784date:2023-11-16T14:52:25
db:NVDid:CVE-2023-36558date:2023-11-14T22:15:29.323