CVE-2018-8356

moderate-risk

Published 2018-07-11

A security feature bypass vulnerability exists when Microsoft .NET Framework components do not correctly validate certificates, aka ".NET Framework Security Feature Bypass Vulnerability." This affects .NET Framework 4.7.2, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, ASP.NET Core 1.1, Microsoft .NET Framework 4.5.2, ASP.NET Core 2.0, ASP.NET Core 1.0, .NET Core 1.1, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, .NET Core 1.0, .NET Core 2.0, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.2.

Do I need to act?

0.23% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.5/10 Medium

LOCAL / LOW complexity

Affected Products (19)

.Net Framework

Powershell Core

.Net Core

.Net Framework Developer Pack

Asp.Net Core

Affected Vendors

Microsoft

References (6)

Third Party Advisory http://www.securityfocus.com/bid/104664

Third Party Advisory http://www.securitytracker.com/id/1041257

Patch https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8356

Third Party Advisory http://www.securityfocus.com/bid/104664

Third Party Advisory http://www.securitytracker.com/id/1041257

Patch https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8356

/ 100

moderate-risk

Severity 18/34 · Moderate

Exploitability 1/34 · Minimal

Exposure 19/34 · Moderate