Windows : .NET Core Multiple Vulnerabilities (KB5028705, KB5028706)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.832224

Categoría: Windows

Título: .NET Core Multiple Vulnerabilities (KB5028705, KB5028706) - Windows

Resumen: .NET Core prone to security feature bypass; and elevation of privilege vulnerabilities.

Descripción: Summary:
.NET Core prone to security feature bypass
and elevation of privilege vulnerabilities.

Vulnerability Insight:
Multiple flaws exist due to,

- A vulnerability exists in .NET applications where the diagnostic server can be
exploited to achieve cross-session/cross-user elevation of privilege (EoP) and
code execution.

- A vulnerability exists in ASP.NET Core applications where account lockout
maximum failed attempts may not be immediately updated, allowing an attacker to
try more passwords.

Vulnerability Impact:
Successful exploitation would allow an attacker
to bypass security restrictions, achieve cross-session/cross-user elevation of
privilege (EoP) and code execution.

Affected Software/OS:
.NET Core runtime 6.0 before 6.0.20, 7.0 before
7.0.9 and .NET Core SDK before 6.0.120, 6.0.315, 7.0.306.

Solution:
Upgrade .NET Core runtimes to versions
6.0.20 or 7.0.9 or later or upgrade .NET Core SDK to versions 6.0.120 or 6.0.315 or
7.0.306 or later.

CVSS Score:
7.6

CVSS Vector:
AV:N/AC:H/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2023-33170
ASP.NET and Visual Studio Security Feature Bypass Vulnerability
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33170
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EVZVMMCCBBCSCPAW2CRQGOTKIHVFCMRO/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O5CFOR6ID2HP45E7ZOGQNX76FPIWP7XR/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TLWNIIA2I6YCYVCXYBPBRSZ3UH6KILTG/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y3VJRGNYJXGPF5LXUG3NL45QPK2UU6PL/
Common Vulnerability Exposure (CVE) ID: CVE-2023-33127
.NET and Visual Studio Elevation of Privilege Vulnerability
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33127

Copyright Copyright (C) 2023 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.832224
Categoría:	Windows
Título:	.NET Core Multiple Vulnerabilities (KB5028705, KB5028706) - Windows
Resumen:	.NET Core prone to security feature bypass; and elevation of privilege vulnerabilities.
Descripción:	Summary: .NET Core prone to security feature bypass and elevation of privilege vulnerabilities. Vulnerability Insight: Multiple flaws exist due to, - A vulnerability exists in .NET applications where the diagnostic server can be exploited to achieve cross-session/cross-user elevation of privilege (EoP) and code execution. - A vulnerability exists in ASP.NET Core applications where account lockout maximum failed attempts may not be immediately updated, allowing an attacker to try more passwords. Vulnerability Impact: Successful exploitation would allow an attacker to bypass security restrictions, achieve cross-session/cross-user elevation of privilege (EoP) and code execution. Affected Software/OS: .NET Core runtime 6.0 before 6.0.20, 7.0 before 7.0.9 and .NET Core SDK before 6.0.120, 6.0.315, 7.0.306. Solution: Upgrade .NET Core runtimes to versions 6.0.20 or 7.0.9 or later or upgrade .NET Core SDK to versions 6.0.120 or 6.0.315 or 7.0.306 or later. CVSS Score: 7.6 CVSS Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2023-33170 ASP.NET and Visual Studio Security Feature Bypass Vulnerability https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33170 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EVZVMMCCBBCSCPAW2CRQGOTKIHVFCMRO/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O5CFOR6ID2HP45E7ZOGQNX76FPIWP7XR/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TLWNIIA2I6YCYVCXYBPBRSZ3UH6KILTG/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y3VJRGNYJXGPF5LXUG3NL45QPK2UU6PL/ Common Vulnerability Exposure (CVE) ID: CVE-2023-33127 .NET and Visual Studio Elevation of Privilege Vulnerability https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33127
Copyright	Copyright (C) 2023 Greenbone AG