7.5

CVE-2018-0786

Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, .NET Core 1.0 and 2.0, and PowerShell Core 6.0.0 allow a security feature bypass vulnerability due to the way certificates are validated, aka ".NET Security Feature Bypass Vulnerability."

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Microsoft.Net Core Version1.0
Microsoft.Net Core Version2.0
MicrosoftPowershell Core Version6.0
Microsoft.Net Framework Version2.0 Updatesp2
   MicrosoftWindows Server 2008 Version- Updatesp2
Microsoft.Net Framework Version3.0 Updatesp2
   MicrosoftWindows Server 2008 Version- Updatesp2
Microsoft.Net Framework Version3.5
   MicrosoftWindows 10 Version-
   MicrosoftWindows 10 Version1511
   MicrosoftWindows 10 Version1607
   MicrosoftWindows 10 Version1703
   MicrosoftWindows 10 Version1709
   MicrosoftWindows 8.1 Version-
   MicrosoftWindows Server 2012 Version-
   MicrosoftWindows Server 2012 Versionr2
   MicrosoftWindows Server 2016 Version-
Microsoft.Net Framework Version3.5.1
   MicrosoftWindows 7 Version- Updatesp1
   MicrosoftWindows Server 2008 Versionr2 Updatesp1 HwPlatformitanium
   MicrosoftWindows Server 2008 Versionr2 Updatesp1 HwPlatformx64
Microsoft.Net Framework Version4.5.2
   MicrosoftWindows 7 Version- Updatesp1
   MicrosoftWindows 8.1 Version-
   MicrosoftWindows Rt 8.1 Version-
   MicrosoftWindows Server 2008 Version- Updatesp2
   MicrosoftWindows Server 2008 Versionr2 Updatesp1 HwPlatformx64
   MicrosoftWindows Server 2012 Version-
   MicrosoftWindows Server 2012 Versionr2
Microsoft.Net Framework Version4.6
   MicrosoftWindows 10 Version-
   MicrosoftWindows Server 2008 Version- Updatesp2
Microsoft.Net Framework Version4.6.1
   MicrosoftWindows 10 Version1511
Microsoft.Net Framework Version4.6.2
   MicrosoftWindows 10 Version1607
   MicrosoftWindows Server 2016 Version-
Microsoft.Net Framework Version4.7
   MicrosoftWindows 10 Version1607
   MicrosoftWindows Server 2016 Version-
Microsoft.Net Framework Version4.6
   MicrosoftWindows 7 Version- Updatesp1
   MicrosoftWindows 8.1 Version-
   MicrosoftWindows Rt 8.1 Version-
   MicrosoftWindows Server 2008 Versionr2 Updatesp1 HwPlatformx64
   MicrosoftWindows Server 2012 Version-
   MicrosoftWindows Server 2012 Versionr2
Microsoft.Net Framework Version4.6.1
   MicrosoftWindows 7 Version- Updatesp1
   MicrosoftWindows 8.1 Version-
   MicrosoftWindows Rt 8.1 Version-
   MicrosoftWindows Server 2008 Versionr2 Updatesp1 HwPlatformx64
   MicrosoftWindows Server 2012 Version-
   MicrosoftWindows Server 2012 Versionr2
Microsoft.Net Framework Version4.6.2
   MicrosoftWindows 7 Version- Updatesp1
   MicrosoftWindows 8.1 Version-
   MicrosoftWindows Rt 8.1 Version-
   MicrosoftWindows Server 2008 Versionr2 Updatesp1 HwPlatformx64
   MicrosoftWindows Server 2012 Version-
   MicrosoftWindows Server 2012 Versionr2
Microsoft.Net Framework Version4.7
   MicrosoftWindows 7 Version- Updatesp1
   MicrosoftWindows 8.1 Version-
   MicrosoftWindows Rt 8.1 Version-
   MicrosoftWindows Server 2008 Versionr2 Updatesp1 HwPlatformx64
   MicrosoftWindows Server 2012 Version-
   MicrosoftWindows Server 2012 Versionr2
Microsoft.Net Framework Version4.7
   MicrosoftWindows 10 Version1703
Microsoft.Net Framework Version4.7.1
   MicrosoftWindows 10 Version1709
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.55% 0.808
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:P/A:N
CWE-295 Improper Certificate Validation

The product does not validate, or incorrectly validates, a certificate.

http://www.securitytracker.com/id/1040152
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/102380
Third Party Advisory
VDB Entry