Security Updates for Microsoft Visual Studio Products (August 2020)

high Nessus Plugin ID 139506

Synopsis

The Microsoft Visual Studio Products are affected by a denial-of-service vulnerability.

Description

The Microsoft Visual Studio Products are missing security updates. It is, therefore, affected by a denial-of-service vulnerability:

- A denial of service vulnerability exists when ASP.NET Core improperly handles web requests. An attacker who successfully exploited this vulnerability could cause a denial of service against an ASP.NET Core web application. The vulnerability can be exploited remotely, without authentication. A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to the ASP.NET Core application. The update addresses the vulnerability by correcting how the ASP.NET Core web application handles web requests. (CVE-2020-1597)

Solution

Microsoft has released 15.9.26, 16.0.17, 16.4.12, and 16.7.1 to address this issue.

Plugin Details

Severity: High

ID: 139506

File Name: smb_nt_ms20_aug_visual_studio.nasl

Version: 1.7

Type: local

Agent: windows

Published: 8/11/2020

Updated: 12/5/2022

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS Score Source: CVE-2020-1597

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:microsoft:visual_studio

Required KB Items: SMB/MS_Bulletin_Checks/Possible, installed_sw/Microsoft Visual Studio

Exploit Ease: No known exploits are available

Patch Publication Date: 8/11/2020

Vulnerability Publication Date: 8/11/2020

Reference Information

CVE: CVE-2020-1597

IAVA: 2020-A-0377-S