CVE-2017-0249

high-risk

Published 2017-05-12

An elevation of privilege vulnerability exists when the ASP.NET Core fails to properly sanitize web requests.

Do I need to act?

~

5.8% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

-

Not on CISA KEV list

No confirmed active exploitation reported to CISA

?

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

7

CVSS 7.3/10 High

NETWORK / LOW complexity

Affected Products (20)

Asp.Net Model View Controller

Asp.Net Model View Controller

Asp.Net Model View Controller

Microsoft.Aspnetcore.Mvc.Abstractions

Microsoft.Aspnetcore.Mvc.Abstractions

Microsoft.Aspnetcore.Mvc.Abstractions

Microsoft.Aspnetcore.Mvc.Apiexplorer

Microsoft.Aspnetcore.Mvc.Apiexplorer

Microsoft.Aspnetcore.Mvc.Apiexplorer

Microsoft.Aspnetcore.Mvc.Apiexplorer

Microsoft.Aspnetcore.Mvc.Apiexplorer

Microsoft.Aspnetcore.Mvc.Cors

Microsoft.Aspnetcore.Mvc.Cors

Microsoft.Aspnetcore.Mvc.Cors

Microsoft.Aspnetcore.Mvc.Dataannotations

Microsoft.Aspnetcore.Mvc.Dataannotations

Microsoft.Aspnetcore.Mvc.Dataannotations

Microsoft.Aspnetcore.Mvc.Formatters.Json

Microsoft.Aspnetcore.Mvc.Formatters.Json

Microsoft.Aspnetcore.Mvc.Formatters.Json

Affected Vendors

Microsoft

References (2)

Technical Description https://github.com/aspnet/Announcements/issues/239

Technical Description https://github.com/aspnet/Announcements/issues/239

65

/ 100

high-risk

Severity 26/34 · High

Exploitability 9/34 · Low

Exposure 30/34 · Critical