Detections
Analytics
Security Updates for Microsoft .NET Framework (December 2018)
critical Nessus Plugin ID 119612
Language:
Synopsis
The Microsoft .NET Framework installation on the remote host is affected by multiple vulnerabilities.Description
The Microsoft .NET Framework installation on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities :- A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly. An attacker who successfully exploited this vulnerability could take control of an affected system.
An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
(CVE-2018-8540)
- A denial of service vulnerability exists when .NET Framework improperly handles special web requests. An attacker who successfully exploited this vulnerability could cause a denial of service against an .NET Framework web application. The vulnerability can be exploited remotely, without authentication. A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to the .NET Framework application. The update addresses the vulnerability by correcting how the .NET Framework web application handles web requests. (CVE-2018-8517)
Solution
Microsoft has released security updates for Microsoft .NET Framework.See Also
http://www.nessus.org/u?6380ea56
http://www.nessus.org/u?cc71683a
http://www.nessus.org/u?bb77a3a9
http://www.nessus.org/u?387e7480
http://www.nessus.org/u?f183eaa6
http://www.nessus.org/u?1b234efa
http://www.nessus.org/u?a5ab75ee
http://www.nessus.org/u?7b3e08e7
http://www.nessus.org/u?417b4781
http://www.nessus.org/u?8b54dbf3
http://www.nessus.org/u?7a2a924f
http://www.nessus.org/u?24e3688b
http://www.nessus.org/u?379ac7eb
http://www.nessus.org/u?b7367a8b
http://www.nessus.org/u?e5e76310
http://www.nessus.org/u?97b022e8
http://www.nessus.org/u?54221753
http://www.nessus.org/u?0dcb6757
http://www.nessus.org/u?a1f448e1
http://www.nessus.org/u?fb7cea66
http://www.nessus.org/u?71423e93
http://www.nessus.org/u?fc5d46b3
Plugin Details
Severity: Critical
ID: 119612
File Name: smb_nt_ms18_dec_dotnet.nasl
Version: 1.5
Type: local
Agent: windows
Family: Windows : Microsoft Bulletins
Published: 12/13/2018
Updated: 11/1/2019
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.7
CVSS v2
Risk Factor: Critical
Base Score: 10
Temporal Score: 7.4
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS Score Source: CVE-2018-8540
CVSS v3
Risk Factor: Critical
Base Score: 9.8
Temporal Score: 8.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: cpe:/a:microsoft:.net_framework
Required KB Items: SMB/MS_Bulletin_Checks/Possible
Exploit Ease: No known exploits are available
Patch Publication Date: 12/11/2018
Vulnerability Publication Date: 12/11/2018
Reference Information
CVE: CVE-2018-8517, CVE-2018-8540
MSFT: MS18-4470491, MS18-4470492, MS18-4470493, MS18-4470498, MS18-4470499, MS18-4470500, MS18-4470502, MS18-4470600, MS18-4470601, MS18-4470602, MS18-4470622, MS18-4470623, MS18-4470629, MS18-4470630, MS18-4470637, MS18-4470638, MS18-4470639, MS18-4470640, MS18-4470641, MS18-4471321, MS18-4471323, MS18-4471324, MS18-4471327, MS18-4471329
MSKB: 4470491, 4470492, 4470493, 4470498, 4470499, 4470500, 4470502, 4470600, 4470601, 4470602, 4470622, 4470623, 4470629, 4470630, 4470637, 4470638, 4470639, 4470640, 4470641, 4471321, 4471323, 4471324, 4471327, 4471329