DATABASE RESOURCES PRICING ABOUT US

{"id": "CVE-2021-31204", "vendorId": null, "type": "cve", "bulletinFamily": "NVD", "title": "CVE-2021-31204", "description": ".NET and Visual Studio Elevation of Privilege Vulnerability", "published": "2021-05-11T19:15:00", "modified": "2022-05-03T16:04:00", "epss": [{"cve": "CVE-2021-31204", "epss": 0.0005, "percentile": 0.17009, "modified": "2023-05-27"}], "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector": "LOCAL", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "baseScore": 4.6}, "severity": "MEDIUM", "exploitabilityScore": 3.9, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31204", "reporter": "secure@microsoft.com", "references": ["https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31204", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FVMWZPF4FR6JPFSNAIDIUDULHZJBVCW6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UV4ITB3SUDGR23G7XALUVKFJMZERFUKF/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4F3VM3RMPE7PNNLLI3BPCSAXITQZCFCA/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6M7KL3KTHJVQNRA3CWFUTESQJARQEHSZ/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LFXJPQUYUITJMV75YN3XIGE3KKN5GOCU/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZWF25Z3CZ6LYCOHZ7FPSFAQ426JUBUZ4/"], "cvelist": ["CVE-2021-31204"], "immutableFields": [], "lastseen": "2023-05-27T14:42:10", "viewCount": 110, "enchantments": {"dependencies": {"references": [{"type": "almalinux", "idList": ["ALSA-2021:2036", "ALSA-2021:2037"]}, {"type": "altlinux", "idList": ["01180C55C3214E2412ECB8427CA03E43", "0A8B4F7539A685F6CFE70F6AD2395477", "551C54E499C0DD394544C6AAD788CCC1", "6D6DC73488675F6D3E05017E1C3E90F5", "97248F752AEF925BD9D225D99FD71A8A", "EDB233F729B420FA5E11C1D56696F904"]}, {"type": "archlinux", "idList": ["ASA-202105-20", "ASA-202105-21", "ASA-202105-22", "ASA-202105-23"]}, {"type": "fedora", "idList": ["FEDORA:004B430A6E02", "FEDORA:8B35130B73F7", "FEDORA:971FF30B86D6", "FEDORA:A44F930A5958", "FEDORA:C53B3304C267", "FEDORA:D3BC1304C267"]}, {"type": "kaspersky", "idList": ["KLA12173"]}, {"type": "mscve", "idList": ["MS:CVE-2021-31204"]}, {"type": "nessus", "idList": ["CENTOS8_RHSA-2021-2036.NASL", "CENTOS8_RHSA-2021-2037.NASL", "MACOS_MS21_MAY_DOTNET_CORE.NASL", "ORACLELINUX_ELSA-2021-2036.NASL", "ORACLELINUX_ELSA-2021-2037.NASL", "REDHAT-RHSA-2021-1546.NASL", "REDHAT-RHSA-2021-1547.NASL", "REDHAT-RHSA-2021-2036.NASL", "REDHAT-RHSA-2021-2037.NASL", "SMB_NT_MS21_MAY_DOTNET_CORE.NASL", "SMB_NT_MS21_MAY_VISUAL_STUDIO.NASL"]}, {"type": "oraclelinux", "idList": ["ELSA-2021-2036", "ELSA-2021-2037"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:A8EE36FB3E891C73934CB1C60E3B3D41"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:05A653A5E863B78EDD56FD74F059E02E"]}, {"type": "redhat", "idList": ["RHSA-2021:1546", "RHSA-2021:1547", "RHSA-2021:2036", "RHSA-2021:2037"]}, {"type": "redhatcve", "idList": ["RH:CVE-2021-31204"]}, {"type": "threatpost", "idList": ["THREATPOST:A2FE619CD27EBEC2F6B0C62ED026F02C"]}]}, "score": {"value": 3.2, "vector": "NONE"}, "twitter": {"counter": 13, "modified": "2021-05-22T07:54:01", "tweets": [{"link": "https://twitter.com/GrupoICA_Ciber/status/1395287056553758723", "text": "MICROSOFT\nM\u00faltiples vulnerabilidades de severidad alta en productos MICROSOFT: \n\nCVE-2021-31211,CVE-2021-31209,CVE-2021-31208,CVE-2021-31204\n\nM\u00e1s info en: https://t.co/dFnEK8dXB0?amp=1\n/hashtag/ciberseguridad?src=hashtag_click /hashtag/grupoica?src=hashtag_click /hashtag/microsoft?src=hashtag_click"}, {"link": "https://twitter.com/CswWorks/status/1398942417940844550", "text": "Microsoft issued patches for 55 security vulnerabilities, including three zero-day vulnerabilities (CVE-2021-31207, CVE-2021-31200, and CVE-2021-31204).\n\nRead more - https://t.co/TS9vyBGwoA?amp=1\n/hashtag/SecurityDebt?src=hashtag_click /hashtag/VulnerabilityManagement?src=hashtag_click /hashtag/Patches?src=hashtag_click /hashtag/SecurityUpdates?src=hashtag_click /hashtag/CyberSecurity?src=hashtag_click"}, {"link": "https://twitter.com/vigilance_fr/status/1393221829192466440", "text": "Vigil@nce /hashtag/Vuln\u00e9rabilit\u00e9?src=hashtag_click de Microsoft .NET Core : \u00e9l\u00e9vation de privil\u00e8ges. https://t.co/bexCyW4vAY?amp=1 R\u00e9f\u00e9rences : /hashtag/CVE?src=hashtag_click-2021-31204. /hashtag/infosec?src=hashtag_click"}, {"link": "https://twitter.com/vigilance_fr/status/1393448321117794305", "text": "Vigil@nce /hashtag/Vuln\u00e9rabilit\u00e9?src=hashtag_click de Microsoft Visual Studio : vuln\u00e9rabilit\u00e9s de mai 2021. https://t.co/O10X0ISCLx?amp=1 R\u00e9f\u00e9rences : /hashtag/CVE?src=hashtag_click-2021-27068, /hashtag/CVE?src=hashtag_click-2021-31204, /hashtag/CVE?src=hashtag_click-2021-31211. /hashtag/bulletin?src=hashtag_click"}, {"link": "https://twitter.com/BeClever_ITS/status/1392739692144115713", "text": "/hashtag/MicrosoftPatchTuesday?src=hashtag_click corrige 55 /hashtag/vulnerabilidades?src=hashtag_click, 3 /hashtag/Zeroday?src=hashtag_click\n CVE-2021-31204, elevaci\u00f3n de privilegios en .NET y Visual Studio\n CVE-2021-31207, omisi\u00f3n de seguridad Exchange\n CVE-2021-31200, ejecuci\u00f3n remota de c\u00f3digo\n/hashtag/IdentityForSecurity?src=hashtag_click /hashtag/IAM?src=hashtag_click https://t.co/GDjiOToGMK?amp=1"}, {"link": "https://twitter.com/BeClever_ITS/status/1392739692144115713", "text": "/hashtag/MicrosoftPatchTuesday?src=hashtag_click corrige 55 /hashtag/vulnerabilidades?src=hashtag_click, 3 /hashtag/Zeroday?src=hashtag_click\n CVE-2021-31204, elevaci\u00f3n de privilegios en .NET y Visual Studio\n CVE-2021-31207, omisi\u00f3n de seguridad Exchange\n CVE-2021-31200, ejecuci\u00f3n remota de c\u00f3digo\n/hashtag/IdentityForSecurity?src=hashtag_click /hashtag/IAM?src=hashtag_click https://t.co/GDjiOToGMK?amp=1"}, {"link": "https://twitter.com/vigilance_en/status/1393221833042939904", "text": "Vigil@nce /hashtag/Vulnerability?src=hashtag_click of Microsoft .NET Core: privilege escalation. https://t.co/HlFxJ2VTvY?amp=1 Identifiers: /hashtag/CVE?src=hashtag_click-2021-31204. /hashtag/infosec?src=hashtag_click"}, {"link": "https://twitter.com/threatintelctr/status/1394601261119455240", "text": " NEW: CVE-2021-31204 .NET and Visual Studio Elevation of Privilege Vulnerability Severity: [object Object] https://t.co/MIiI9xmf3r?amp=1"}, {"link": "https://twitter.com/MKURIB/status/1392791239716524034", "text": "Visual Studio 2019 for Mac v8.9 - Release Notes | Microsoft Docs \nVisual Studio 2019 for Mac version 8.9.9 (8.9.9.3)\nreleased May 11, 2021\nWeb and Azure\nWe updated .NET Core SDKs to 5.0.203 and 3.1.409 addressing CVE-2021-31204"}, {"link": "https://twitter.com/WolfgangSesin/status/1393066102930935810", "text": "New post from https://t.co/uXvPWJy6tj?amp=1 (CVE-2021-31204) has been published on https://t.co/f721LEwwrD?amp=1"}]}, "backreferences": {"references": [{"type": "almalinux", "idList": ["ALSA-2021:2036", "ALSA-2021:2037"]}, {"type": "archlinux", "idList": ["ASA-202105-20", "ASA-202105-21", "ASA-202105-22", "ASA-202105-23"]}, {"type": "fedora", "idList": ["FEDORA:004B430A6E02", "FEDORA:8B35130B73F7", "FEDORA:971FF30B86D6", "FEDORA:A44F930A5958", "FEDORA:C53B3304C267", "FEDORA:D3BC1304C267"]}, {"type": "kaspersky", "idList": ["KLA12173"]}, {"type": "mscve", "idList": ["MS:CVE-2021-31204"]}, {"type": "nessus", "idList": ["CENTOS8_RHSA-2021-2036.NASL", "CENTOS8_RHSA-2021-2037.NASL", "MACOS_MS21_MAY_DOTNET_CORE.NASL", "ORACLELINUX_ELSA-2021-2036.NASL", "ORACLELINUX_ELSA-2021-2037.NASL", "REDHAT-RHSA-2021-1546.NASL", "REDHAT-RHSA-2021-1547.NASL", "REDHAT-RHSA-2021-2036.NASL", "REDHAT-RHSA-2021-2037.NASL", "SMB_NT_MS21_MAY_DOTNET_CORE.NASL", "SMB_NT_MS21_MAY_VISUAL_STUDIO.NASL"]}, {"type": "oraclelinux", "idList": ["ELSA-2021-2036", "ELSA-2021-2037"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:A8EE36FB3E891C73934CB1C60E3B3D41"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:05A653A5E863B78EDD56FD74F059E02E"]}, {"type": "redhat", "idList": ["RHSA-2021:1546"]}, {"type": "redhatcve", "idList": ["RH:CVE-2021-31204"]}, {"type": "threatpost", "idList": ["THREATPOST:A2FE619CD27EBEC2F6B0C62ED026F02C"]}]}, "exploitation": null, "affected_software": {"major_version": [{"name": "microsoft visual studio 2019", "version": 16}, {"name": "microsoft visual studio 2019", "version": 16}, {"name": "microsoft visual studio 2019", "version": 16}, {"name": "microsoft visual studio 2019", "version": 8}, {"name": "microsoft .net", "version": 5}, {"name": "microsoft .net core", "version": 3}, {"name": "fedoraproject fedora", "version": 32}, {"name": "fedoraproject fedora", "version": 33}, {"name": "fedoraproject fedora", "version": 34}]}, "epss": [{"cve": "CVE-2021-31204", "epss": 0.0005, "percentile": 0.16933, "modified": "2023-05-07"}], "vulnersScore": 3.2}, "_state": {"dependencies": 1685211539, "score": 1685200094, "affected_software_major_version": 0, "epss": 0}, "_internal": {"score_hash": "c9fa2812d310054992047e4babcd7e63"}, "cna_cvss": {"cna": null, "cvss": {}}, "cpe": ["cpe:/a:microsoft:.net:5.0.5", "cpe:/a:microsoft:visual_studio_2019:8.9", "cpe:/o:fedoraproject:fedora:32", "cpe:/o:fedoraproject:fedora:33", "cpe:/a:microsoft:.net_core:3.1.14", "cpe:/o:fedoraproject:fedora:34"], "cpe23": ["cpe:2.3:a:microsoft:.net_core:3.1.14:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:visual_studio_2019:8.9:*:*:*:*:macos:*:*", "cpe:2.3:a:microsoft:.net:5.0.5:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*"], "cwe": ["NVD-CWE-noinfo"], "affectedSoftware": [{"cpeName": "microsoft:visual_studio_2019", "version": "16.9.5", "operator": "lt", "name": "microsoft visual studio 2019"}, {"cpeName": "microsoft:visual_studio_2019", "version": "16.7.15", "operator": "lt", "name": "microsoft visual studio 2019"}, {"cpeName": "microsoft:visual_studio_2019", "version": "16.4.22", "operator": "lt", "name": "microsoft visual studio 2019"}, {"cpeName": "microsoft:visual_studio_2019", "version": "8.9", "operator": "eq", "name": "microsoft visual studio 2019"}, {"cpeName": "microsoft:.net", "version": "5.0.5", "operator": "le", "name": "microsoft .net"}, {"cpeName": "microsoft:.net_core", "version": "3.1.14", "operator": "le", "name": "microsoft .net core"}, {"cpeName": "fedoraproject:fedora", "version": "32", "operator": "eq", "name": "fedoraproject fedora"}, {"cpeName": "fedoraproject:fedora", "version": "33", "operator": "eq", "name": "fedoraproject fedora"}, {"cpeName": "fedoraproject:fedora", "version": "34", "operator": "eq", "name": "fedoraproject fedora"}], "affectedConfiguration": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:a:microsoft:visual_studio_2019:16.9.5:*:*:*:*:*:*:*", "versionStartIncluding": "16.8.0", "versionEndExcluding": "16.9.5", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:a:microsoft:visual_studio_2019:16.7.15:*:*:*:*:*:*:*", "versionStartIncluding": "16.5.0", "versionEndExcluding": "16.7.15", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:a:microsoft:visual_studio_2019:16.4.22:*:*:*:*:*:*:*", "versionStartIncluding": "16.0", "versionEndExcluding": "16.4.22", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:a:microsoft:visual_studio_2019:8.9:*:*:*:*:macos:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:a:microsoft:.net:5.0.5:*:*:*:*:*:*:*", "versionStartIncluding": "5.0", "versionEndIncluding": "5.0.5", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:a:microsoft:.net_core:3.1.14:*:*:*:*:*:*:*", "versionStartIncluding": "3.1", "versionEndIncluding": "3.1.14", "cpe_name": []}]}, {"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "cpe_name": []}]}]}, "extraReferences": [{"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31204", "name": "N/A", "refsource": "N/A", "tags": ["Patch", "Vendor Advisory"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FVMWZPF4FR6JPFSNAIDIUDULHZJBVCW6/", "name": "FEDORA-2021-a3c205f5b2", "refsource": "FEDORA", "tags": ["Mailing List", "Third Party Advisory"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UV4ITB3SUDGR23G7XALUVKFJMZERFUKF/", "name": "FEDORA-2021-f25eb9e302", "refsource": "FEDORA", "tags": ["Mailing List", "Third Party Advisory"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4F3VM3RMPE7PNNLLI3BPCSAXITQZCFCA/", "name": "FEDORA-2021-721731dc86", "refsource": "FEDORA", "tags": ["Mailing List", "Third Party Advisory"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6M7KL3KTHJVQNRA3CWFUTESQJARQEHSZ/", "name": "FEDORA-2021-13e3bd248f", "refsource": "FEDORA", "tags": ["Mailing List", "Third Party Advisory"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LFXJPQUYUITJMV75YN3XIGE3KKN5GOCU/", "name": "FEDORA-2021-d551431950", "refsource": "FEDORA", "tags": ["Mailing List", "Third Party Advisory"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZWF25Z3CZ6LYCOHZ7FPSFAQ426JUBUZ4/", "name": "FEDORA-2021-c06b64b5ee", "refsource": "FEDORA", "tags": ["Mailing List", "Third Party Advisory"]}], "product_info": [{"vendor": "Microsoft", "product": "Visual Studio 2019 for Mac version 8.9"}, {"vendor": "Microsoft", "product": "Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8)"}, {"vendor": "Microsoft", "product": ".NET Core"}, {"vendor": "Microsoft", "product": "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)"}, {"vendor": "Microsoft", "product": "Microsoft Visual Studio 2019 version 16.7 (includes 16.0 \u00e2\u20ac\u201c 16.6)"}, {"vendor": "Microsoft", "product": ".NET 5.0"}], "solutions": [], "workarounds": [], "impacts": [], "problemTypes": [{"descriptions": [{"description": "Elevation of Privilege", "lang": "en", "type": "text"}]}], "exploits": [], "assigned": "1976-01-01T00:00:00"}

{"nessus": [{"lastseen": "2023-05-18T15:29:12", "description": "The Microsoft .NET Core installation on the remote host is version 3.1.x prior to 3.1.15 or 5.x prior to 5.0.6. It is, therefore, affected by a privilege elevation vulnerability. An authenticated, local attacker can exploit this to elevate their privileges.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-05-13T00:00:00", "type": "nessus", "title": "Security Update for .NET Core (May 2021) (macOS)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-31204"], "modified": "2021-06-11T00:00:00", "cpe": ["cpe:/a:microsoft:.net_core"], "id": "MACOS_MS21_MAY_DOTNET_CORE.NASL", "href": "https://www.tenable.com/plugins/nessus/149472", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(149472);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/06/11\");\n\n script_cve_id(\"CVE-2021-31204\");\n script_xref(name:\"IAVA\", value:\"2021-A-0218-S\");\n\n script_name(english:\"Security Update for .NET Core (May 2021) (macOS)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote macOS host is affected by a .NET Core privilege elevation vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Microsoft .NET Core installation on the remote host is version 3.1.x prior to 3.1.15 or 5.x prior to 5.0.6. It is,\ntherefore, affected by a privilege elevation vulnerability. An authenticated, local attacker can exploit this to elevate\ntheir privileges.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://dotnet.microsoft.com/download/dotnet-core/3.1\");\n script_set_attribute(attribute:\"see_also\", value:\"https://dotnet.microsoft.com/download/dotnet/5.0\");\n script_set_attribute(attribute:\"see_also\", value:\"https://devblogs.microsoft.com/dotnet/net-may-2021/\");\n # https://github.com/dotnet/core/blob/main/release-notes/3.1/3.1.15/3.1.15.md\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?cf5a364b\");\n # https://github.com/dotnet/core/blob/main/release-notes/5.0/5.0.6/5.0.6.md\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9f5cbba7\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update .NET Core, remove vulnerable packages and refer to vendor advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-31204\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/05/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/05/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/05/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:.net_core\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_dotnet_core_installed.nbin\");\n script_require_keys(\"installed_sw/.NET Core MacOS\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\n\nvar app = '.NET Core MacOS';\nvar app_info = vcf::get_app_info(app:app);\n\nvar constraints = [\n { 'min_version' : '3.1', 'fixed_version' : '3.1.15' },\n { 'min_version' : '5.0', 'fixed_version' : '5.0.6' }\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:28:51", "description": "The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2021-2036 advisory.\n\n - .NET and Visual Studio Elevation of Privilege Vulnerability (CVE-2021-31204)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-05-29T00:00:00", "type": "nessus", "title": "Oracle Linux 8 : dotnet5.0 (ELSA-2021-2036)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-31204"], "modified": "2021-05-29T00:00:00", "cpe": ["cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:aspnetcore-runtime-5.0", "p-cpe:/a:oracle:linux:aspnetcore-targeting-pack-5.0", "p-cpe:/a:oracle:linux:dotnet", "p-cpe:/a:oracle:linux:dotnet-apphost-pack-5.0", "p-cpe:/a:oracle:linux:dotnet-host", "p-cpe:/a:oracle:linux:dotnet-hostfxr-5.0", "p-cpe:/a:oracle:linux:dotnet-runtime-5.0", "p-cpe:/a:oracle:linux:dotnet-sdk-5.0", "p-cpe:/a:oracle:linux:dotnet-targeting-pack-5.0", "p-cpe:/a:oracle:linux:dotnet-templates-5.0", "p-cpe:/a:oracle:linux:netstandard-targeting-pack-2.1"], "id": "ORACLELINUX_ELSA-2021-2036.NASL", "href": "https://www.tenable.com/plugins/nessus/150063", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2021-2036.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(150063);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/05/29\");\n\n script_cve_id(\"CVE-2021-31204\");\n\n script_name(english:\"Oracle Linux 8 : dotnet5.0 (ELSA-2021-2036)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the\nELSA-2021-2036 advisory.\n\n - .NET and Visual Studio Elevation of Privilege Vulnerability (CVE-2021-31204)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2021-2036.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-31204\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/05/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/05/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/05/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:aspnetcore-runtime-5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:aspnetcore-targeting-pack-5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dotnet\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dotnet-apphost-pack-5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dotnet-host\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dotnet-hostfxr-5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dotnet-runtime-5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dotnet-sdk-5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dotnet-targeting-pack-5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dotnet-templates-5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:netstandard-targeting-pack-2.1\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\npkgs = [\n {'reference':'aspnetcore-runtime-5.0-5.0.6-1.0.1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'aspnetcore-targeting-pack-5.0-5.0.6-1.0.1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-5.0.203-1.0.1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-apphost-pack-5.0-5.0.6-1.0.1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-host-5.0.6-1.0.1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-hostfxr-5.0-5.0.6-1.0.1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-runtime-5.0-5.0.6-1.0.1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-sdk-5.0-5.0.203-1.0.1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-targeting-pack-5.0-5.0.6-1.0.1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-templates-5.0-5.0.203-1.0.1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'netstandard-targeting-pack-2.1-5.0.203-1.0.1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n rpm_prefix = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['rpm_prefix'])) rpm_prefix = package_array['rpm_prefix'];\n if (reference && release) {\n if (rpm_prefix) {\n if (rpm_exists(release:release, rpm:rpm_prefix) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'aspnetcore-runtime-5.0 / aspnetcore-targeting-pack-5.0 / dotnet / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:28:48", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:2036 advisory.\n\n - dotnet: .NET Core single-file application privilege escalation (CVE-2021-31204)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-05-19T00:00:00", "type": "nessus", "title": "RHEL 8 : dotnet5.0 (RHSA-2021:2036)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-31204"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:8", "cpe:/o:redhat:rhel_aus:8.4", "cpe:/o:redhat:rhel_aus:8.6", "cpe:/o:redhat:rhel_e4s:8.4", "cpe:/o:redhat:rhel_e4s:8.6", "cpe:/o:redhat:rhel_eus:8.4", "cpe:/o:redhat:rhel_eus:8.6", "cpe:/o:redhat:rhel_tus:8.4", "cpe:/o:redhat:rhel_tus:8.6", "p-cpe:/a:redhat:enterprise_linux:aspnetcore-runtime-5.0", "p-cpe:/a:redhat:enterprise_linux:aspnetcore-targeting-pack-5.0", "p-cpe:/a:redhat:enterprise_linux:dotnet", "p-cpe:/a:redhat:enterprise_linux:dotnet-apphost-pack-5.0", "p-cpe:/a:redhat:enterprise_linux:dotnet-host", "p-cpe:/a:redhat:enterprise_linux:dotnet-hostfxr-5.0", "p-cpe:/a:redhat:enterprise_linux:dotnet-runtime-5.0", "p-cpe:/a:redhat:enterprise_linux:dotnet-sdk-5.0", "p-cpe:/a:redhat:enterprise_linux:dotnet-targeting-pack-5.0", "p-cpe:/a:redhat:enterprise_linux:dotnet-templates-5.0", "p-cpe:/a:redhat:enterprise_linux:netstandard-targeting-pack-2.1"], "id": "REDHAT-RHSA-2021-2036.NASL", "href": "https://www.tenable.com/plugins/nessus/149723", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:2036. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(149723);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\"CVE-2021-31204\");\n script_xref(name:\"RHSA\", value:\"2021:2036\");\n script_xref(name:\"IAVA\", value:\"2021-A-0220-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0218-S\");\n\n script_name(english:\"RHEL 8 : dotnet5.0 (RHSA-2021:2036)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2021:2036 advisory.\n\n - dotnet: .NET Core single-file application privilege escalation (CVE-2021-31204)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-31204\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:2036\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1956815\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-31204\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(273);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/05/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/05/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/05/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:aspnetcore-runtime-5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:aspnetcore-targeting-pack-5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:dotnet\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:dotnet-apphost-pack-5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:dotnet-host\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:dotnet-hostfxr-5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:dotnet-runtime-5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:dotnet-sdk-5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:dotnet-targeting-pack-5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:dotnet-templates-5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:netstandard-targeting-pack-2.1\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.4/x86_64/appstream/debug',\n 'content/aus/rhel8/8.4/x86_64/appstream/os',\n 'content/aus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.4/x86_64/baseos/debug',\n 'content/aus/rhel8/8.4/x86_64/baseos/os',\n 'content/aus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.4/x86_64/appstream/os',\n 'content/e4s/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.4/x86_64/baseos/os',\n 'content/e4s/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/sap/debug',\n 'content/e4s/rhel8/8.4/x86_64/sap/os',\n 'content/e4s/rhel8/8.4/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/appstream/debug',\n 'content/eus/rhel8/8.4/x86_64/appstream/os',\n 'content/eus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/baseos/debug',\n 'content/eus/rhel8/8.4/x86_64/baseos/os',\n 'content/eus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.4/x86_64/highavailability/os',\n 'content/eus/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/sap/debug',\n 'content/eus/rhel8/8.4/x86_64/sap/os',\n 'content/eus/rhel8/8.4/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.4/x86_64/supplementary/os',\n 'content/eus/rhel8/8.4/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/appstream/debug',\n 'content/tus/rhel8/8.4/x86_64/appstream/os',\n 'content/tus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/baseos/debug',\n 'content/tus/rhel8/8.4/x86_64/baseos/os',\n 'content/tus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.4/x86_64/highavailability/os',\n 'content/tus/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/nfv/debug',\n 'content/tus/rhel8/8.4/x86_64/nfv/os',\n 'content/tus/rhel8/8.4/x86_64/nfv/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/rt/debug',\n 'content/tus/rhel8/8.4/x86_64/rt/os',\n 'content/tus/rhel8/8.4/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'aspnetcore-runtime-5.0-5.0.6-1.el8_4', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'aspnetcore-targeting-pack-5.0-5.0.6-1.el8_4', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-5.0.203-1.el8_4', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-apphost-pack-5.0-5.0.6-1.el8_4', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-host-5.0.6-1.el8_4', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-hostfxr-5.0-5.0.6-1.el8_4', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-runtime-5.0-5.0.6-1.el8_4', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-sdk-5.0-5.0.203-1.el8_4', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-targeting-pack-5.0-5.0.6-1.el8_4', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-templates-5.0-5.0.203-1.el8_4', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'netstandard-targeting-pack-2.1-5.0.203-1.el8_4', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.6/x86_64/appstream/debug',\n 'content/aus/rhel8/8.6/x86_64/appstream/os',\n 'content/aus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.6/x86_64/baseos/debug',\n 'content/aus/rhel8/8.6/x86_64/baseos/os',\n 'content/aus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.6/x86_64/appstream/os',\n 'content/e4s/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.6/x86_64/baseos/os',\n 'content/e4s/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap/os',\n 'content/e4s/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/appstream/debug',\n 'content/eus/rhel8/8.6/x86_64/appstream/os',\n 'content/eus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/baseos/debug',\n 'content/eus/rhel8/8.6/x86_64/baseos/os',\n 'content/eus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.6/x86_64/highavailability/os',\n 'content/eus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap/debug',\n 'content/eus/rhel8/8.6/x86_64/sap/os',\n 'content/eus/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.6/x86_64/supplementary/os',\n 'content/eus/rhel8/8.6/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/appstream/debug',\n 'content/tus/rhel8/8.6/x86_64/appstream/os',\n 'content/tus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/baseos/debug',\n 'content/tus/rhel8/8.6/x86_64/baseos/os',\n 'content/tus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.6/x86_64/highavailability/os',\n 'content/tus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/rt/os',\n 'content/tus/rhel8/8.6/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'aspnetcore-runtime-5.0-5.0.6-1.el8_4', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'aspnetcore-targeting-pack-5.0-5.0.6-1.el8_4', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-5.0.203-1.el8_4', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-apphost-pack-5.0-5.0.6-1.el8_4', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-host-5.0.6-1.el8_4', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-hostfxr-5.0-5.0.6-1.el8_4', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-runtime-5.0-5.0.6-1.el8_4', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-sdk-5.0-5.0.203-1.el8_4', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-targeting-pack-5.0-5.0.6-1.el8_4', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-templates-5.0-5.0.203-1.el8_4', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'netstandard-targeting-pack-2.1-5.0.203-1.el8_4', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/dist/rhel8/8/x86_64/appstream/debug',\n 'content/dist/rhel8/8/x86_64/appstream/os',\n 'content/dist/rhel8/8/x86_64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/baseos/debug',\n 'content/dist/rhel8/8/x86_64/baseos/os',\n 'content/dist/rhel8/8/x86_64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/codeready-builder/debug',\n 'content/dist/rhel8/8/x86_64/codeready-builder/os',\n 'content/dist/rhel8/8/x86_64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/highavailability/debug',\n 'content/dist/rhel8/8/x86_64/highavailability/os',\n 'content/dist/rhel8/8/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/nfv/debug',\n 'content/dist/rhel8/8/x86_64/nfv/os',\n 'content/dist/rhel8/8/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/resilientstorage/debug',\n 'content/dist/rhel8/8/x86_64/resilientstorage/os',\n 'content/dist/rhel8/8/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/rt/debug',\n 'content/dist/rhel8/8/x86_64/rt/os',\n 'content/dist/rhel8/8/x86_64/rt/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap-solutions/debug',\n 'content/dist/rhel8/8/x86_64/sap-solutions/os',\n 'content/dist/rhel8/8/x86_64/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap/debug',\n 'content/dist/rhel8/8/x86_64/sap/os',\n 'content/dist/rhel8/8/x86_64/sap/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/supplementary/debug',\n 'content/dist/rhel8/8/x86_64/supplementary/os',\n 'content/dist/rhel8/8/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'aspnetcore-runtime-5.0-5.0.6-1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'aspnetcore-targeting-pack-5.0-5.0.6-1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-5.0.203-1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-apphost-pack-5.0-5.0.6-1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-host-5.0.6-1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-hostfxr-5.0-5.0.6-1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-runtime-5.0-5.0.6-1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-sdk-5.0-5.0.203-1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-targeting-pack-5.0-5.0.6-1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-templates-5.0-5.0.203-1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'netstandard-targeting-pack-2.1-5.0.203-1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n var enterprise_linux_flag = rhel_repo_urls_has_content_dist_rhel(repo_urls:repo_relative_urls);\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp']) && !enterprise_linux_flag) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'aspnetcore-runtime-5.0 / aspnetcore-targeting-pack-5.0 / dotnet / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:28:43", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:1546 advisory.\n\n - dotnet: .NET Core single-file application privilege escalation (CVE-2021-31204)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-05-13T00:00:00", "type": "nessus", "title": "RHEL 7 : .NET 5.0 on Red Hat Enterprise Linux (RHSA-2021:1546)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-31204"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:rh-dotnet50-aspnetcore-runtime-5.0", "p-cpe:/a:redhat:enterprise_linux:rh-dotnet50-aspnetcore-targeting-pack-5.0", "p-cpe:/a:redhat:enterprise_linux:rh-dotnet50-dotnet", "p-cpe:/a:redhat:enterprise_linux:rh-dotnet50-dotnet-apphost-pack-5.0", "p-cpe:/a:redhat:enterprise_linux:rh-dotnet50-dotnet-host", "p-cpe:/a:redhat:enterprise_linux:rh-dotnet50-dotnet-hostfxr-5.0", "p-cpe:/a:redhat:enterprise_linux:rh-dotnet50-dotnet-runtime-5.0", "p-cpe:/a:redhat:enterprise_linux:rh-dotnet50-dotnet-sdk-5.0", "p-cpe:/a:redhat:enterprise_linux:rh-dotnet50-dotnet-targeting-pack-5.0", "p-cpe:/a:redhat:enterprise_linux:rh-dotnet50-dotnet-templates-5.0", "p-cpe:/a:redhat:enterprise_linux:rh-dotnet50-netstandard-targeting-pack-2.1"], "id": "REDHAT-RHSA-2021-1546.NASL", "href": "https://www.tenable.com/plugins/nessus/149443", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:1546. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(149443);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\"CVE-2021-31204\");\n script_xref(name:\"RHSA\", value:\"2021:1546\");\n script_xref(name:\"IAVA\", value:\"2021-A-0220-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0218-S\");\n\n script_name(english:\"RHEL 7 : .NET 5.0 on Red Hat Enterprise Linux (RHSA-2021:1546)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2021:1546 advisory.\n\n - dotnet: .NET Core single-file application privilege escalation (CVE-2021-31204)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-31204\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:1546\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1956815\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-31204\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(273);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/05/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/05/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/05/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-dotnet50-aspnetcore-runtime-5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-dotnet50-aspnetcore-targeting-pack-5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-dotnet50-dotnet\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-dotnet50-dotnet-apphost-pack-5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-dotnet50-dotnet-host\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-dotnet50-dotnet-hostfxr-5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-dotnet50-dotnet-runtime-5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-dotnet50-dotnet-sdk-5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-dotnet50-dotnet-targeting-pack-5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-dotnet50-dotnet-templates-5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-dotnet50-netstandard-targeting-pack-2.1\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/dotnet/1/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/dotnet/1/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/dotnet/1/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/dotnet/1/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/dotnet/1/os',\n 'content/dist/rhel/server/7/7Server/x86_64/dotnet/1/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/dotnet/1/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/dotnet/1/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/dotnet/1/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'rh-dotnet50-aspnetcore-runtime-5.0-5.0.6-1.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rh-dotnet50'},\n {'reference':'rh-dotnet50-aspnetcore-targeting-pack-5.0-5.0.6-1.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rh-dotnet50'},\n {'reference':'rh-dotnet50-dotnet-5.0.203-1.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rh-dotnet50'},\n {'reference':'rh-dotnet50-dotnet-apphost-pack-5.0-5.0.6-1.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rh-dotnet50'},\n {'reference':'rh-dotnet50-dotnet-host-5.0.6-1.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rh-dotnet50'},\n {'reference':'rh-dotnet50-dotnet-hostfxr-5.0-5.0.6-1.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rh-dotnet50'},\n {'reference':'rh-dotnet50-dotnet-runtime-5.0-5.0.6-1.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rh-dotnet50'},\n {'reference':'rh-dotnet50-dotnet-sdk-5.0-5.0.203-1.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rh-dotnet50'},\n {'reference':'rh-dotnet50-dotnet-targeting-pack-5.0-5.0.6-1.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rh-dotnet50'},\n {'reference':'rh-dotnet50-dotnet-templates-5.0-5.0.203-1.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rh-dotnet50'},\n {'reference':'rh-dotnet50-netstandard-targeting-pack-2.1-5.0.203-1.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rh-dotnet50'}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'rh-dotnet50-aspnetcore-runtime-5.0 / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:29:22", "description": "The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2021:2036 advisory.\n\n - dotnet: .NET Core single-file application privilege escalation (CVE-2021-31204)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-05-30T00:00:00", "type": "nessus", "title": "CentOS 8 : dotnet5.0 (CESA-2021:2036)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-31204"], "modified": "2021-06-02T00:00:00", "cpe": ["cpe:/o:centos:centos:8-stream", "p-cpe:/a:centos:centos:aspnetcore-runtime-5.0", "p-cpe:/a:centos:centos:aspnetcore-targeting-pack-5.0", "p-cpe:/a:centos:centos:dotnet", "p-cpe:/a:centos:centos:dotnet-apphost-pack-5.0", "p-cpe:/a:centos:centos:dotnet-host", "p-cpe:/a:centos:centos:dotnet-hostfxr-5.0", "p-cpe:/a:centos:centos:dotnet-runtime-5.0", "p-cpe:/a:centos:centos:dotnet-sdk-5.0", "p-cpe:/a:centos:centos:dotnet-targeting-pack-5.0", "p-cpe:/a:centos:centos:dotnet-templates-5.0", "p-cpe:/a:centos:centos:netstandard-targeting-pack-2.1"], "id": "CENTOS8_RHSA-2021-2036.NASL", "href": "https://www.tenable.com/plugins/nessus/150064", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# Red Hat Security Advisory RHSA-2021:2036. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(150064);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/06/02\");\n\n script_cve_id(\"CVE-2021-31204\");\n script_xref(name:\"RHSA\", value:\"2021:2036\");\n\n script_name(english:\"CentOS 8 : dotnet5.0 (CESA-2021:2036)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the\nCESA-2021:2036 advisory.\n\n - dotnet: .NET Core single-file application privilege escalation (CVE-2021-31204)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:2036\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-31204\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/05/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/05/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/05/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:8-stream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:aspnetcore-runtime-5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:aspnetcore-targeting-pack-5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:dotnet\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:dotnet-apphost-pack-5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:dotnet-host\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:dotnet-hostfxr-5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:dotnet-runtime-5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:dotnet-sdk-5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:dotnet-targeting-pack-5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:dotnet-templates-5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:netstandard-targeting-pack-2.1\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/CentOS/release');\nif (isnull(release) || 'CentOS' >!< release) audit(AUDIT_OS_NOT, 'CentOS');\nos_ver = pregmatch(pattern: \"CentOS(?: Stream)?(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nos_ver = os_ver[1];\nif ('CentOS Stream' >!< release) audit(AUDIT_OS_NOT, 'CentOS 8-Stream');\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\npkgs = [\n {'reference':'aspnetcore-runtime-5.0-5.0.6-1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'aspnetcore-targeting-pack-5.0-5.0.6-1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-5.0.203-1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-apphost-pack-5.0-5.0.6-1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-host-5.0.6-1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-hostfxr-5.0-5.0.6-1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-runtime-5.0-5.0.6-1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-sdk-5.0-5.0.203-1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-targeting-pack-5.0-5.0.6-1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-templates-5.0-5.0.203-1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'netstandard-targeting-pack-2.1-5.0.203-1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'CentOS-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'aspnetcore-runtime-5.0 / aspnetcore-targeting-pack-5.0 / dotnet / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:28:54", "description": "This plugin has been deprecated by macos_ms21_may_dotnet_core.nasl (plugin ID 149472). CVE-2021-31204 does not apply to Windows.", "cvss3": {}, "published": "2021-05-12T00:00:00", "type": "nessus", "title": "Security Update for .NET Core (May 2021) (deprecated)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-31204"], "modified": "2022-01-26T00:00:00", "cpe": ["cpe:/a:microsoft:.net_core"], "id": "SMB_NT_MS21_MAY_DOTNET_CORE.NASL", "href": "https://www.tenable.com/plugins/nessus/149438", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# @DEPRECATED@\n#\n# Disabled on 2021/05/13. Deprecated by macos_ms21_may_dotnet_core.nasl.\ninclude('deprecated_nasl_level.inc');\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(149438);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/26\");\n\n script_cve_id(\"CVE-2021-31204\");\n script_xref(name:\"IAVA\", value:\"2021-A-0218-S\");\n\n script_name(english:\"Security Update for .NET Core (May 2021) (deprecated)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"This plugin has been deprecated.\");\n script_set_attribute(attribute:\"description\", value:\n\"This plugin has been deprecated by macos_ms21_may_dotnet_core.nasl (plugin ID 149472). CVE-2021-31204 does not apply\nto Windows.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://dotnet.microsoft.com/download/dotnet-core/3.1\");\n script_set_attribute(attribute:\"see_also\", value:\"https://dotnet.microsoft.com/download/dotnet/5.0\");\n script_set_attribute(attribute:\"see_also\", value:\"https://devblogs.microsoft.com/dotnet/net-may-2021/\");\n # https://github.com/dotnet/core/blob/main/release-notes/3.1/3.1.15/3.1.15.md\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?cf5a364b\");\n # https://github.com/dotnet/core/blob/main/release-notes/5.0/5.0.6/5.0.6.md\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9f5cbba7\");\n script_set_attribute(attribute:\"solution\", value:\n\"n/a\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-31204\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/05/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/05/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/05/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:.net_core\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"microsoft_dotnet_core_win.nbin\");\n script_require_keys(\"installed_sw/.NET Core Windows\");\n\n exit(0);\n}\n\nexit(0, 'This plugin has been deprecated. Use macos_ms21_may_dotnet_core.nasl (plugin ID 149472) instead.');\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:28:19", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:1547 advisory.\n\n - dotnet: .NET Core single-file application privilege escalation (CVE-2021-31204)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-05-13T00:00:00", "type": "nessus", "title": "RHEL 7 : .NET Core 3.1 on Red Hat Enterprise Linux (RHSA-2021:1547)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-31204"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:rh-dotnet31-aspnetcore-runtime-3.1", "p-cpe:/a:redhat:enterprise_linux:rh-dotnet31-aspnetcore-targeting-pack-3.1", "p-cpe:/a:redhat:enterprise_linux:rh-dotnet31-dotnet", "p-cpe:/a:redhat:enterprise_linux:rh-dotnet31-dotnet-apphost-pack-3.1", "p-cpe:/a:redhat:enterprise_linux:rh-dotnet31-dotnet-host", "p-cpe:/a:redhat:enterprise_linux:rh-dotnet31-dotnet-hostfxr-3.1", "p-cpe:/a:redhat:enterprise_linux:rh-dotnet31-dotnet-runtime-3.1", "p-cpe:/a:redhat:enterprise_linux:rh-dotnet31-dotnet-sdk-3.1", "p-cpe:/a:redhat:enterprise_linux:rh-dotnet31-dotnet-targeting-pack-3.1", "p-cpe:/a:redhat:enterprise_linux:rh-dotnet31-dotnet-templates-3.1", "p-cpe:/a:redhat:enterprise_linux:rh-dotnet31-netstandard-targeting-pack-2.1"], "id": "REDHAT-RHSA-2021-1547.NASL", "href": "https://www.tenable.com/plugins/nessus/149442", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:1547. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(149442);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\"CVE-2021-31204\");\n script_xref(name:\"RHSA\", value:\"2021:1547\");\n script_xref(name:\"IAVA\", value:\"2021-A-0220-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0218-S\");\n\n script_name(english:\"RHEL 7 : .NET Core 3.1 on Red Hat Enterprise Linux (RHSA-2021:1547)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2021:1547 advisory.\n\n - dotnet: .NET Core single-file application privilege escalation (CVE-2021-31204)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-31204\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:1547\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1956815\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-31204\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(273);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/05/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/05/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/05/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-dotnet31-aspnetcore-runtime-3.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-dotnet31-aspnetcore-targeting-pack-3.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-dotnet31-dotnet\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-dotnet31-dotnet-apphost-pack-3.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-dotnet31-dotnet-host\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-dotnet31-dotnet-hostfxr-3.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-dotnet31-dotnet-runtime-3.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-dotnet31-dotnet-sdk-3.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-dotnet31-dotnet-targeting-pack-3.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-dotnet31-dotnet-templates-3.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-dotnet31-netstandard-targeting-pack-2.1\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/dotnet/1/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/dotnet/1/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/dotnet/1/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/dotnet/1/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/dotnet/1/os',\n 'content/dist/rhel/server/7/7Server/x86_64/dotnet/1/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/dotnet/1/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/dotnet/1/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/dotnet/1/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'rh-dotnet31-aspnetcore-runtime-3.1-3.1.15-1.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rh-dotnet31'},\n {'reference':'rh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.15-1.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rh-dotnet31'},\n {'reference':'rh-dotnet31-dotnet-3.1.115-1.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rh-dotnet31'},\n {'reference':'rh-dotnet31-dotnet-apphost-pack-3.1-3.1.15-1.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rh-dotnet31'},\n {'reference':'rh-dotnet31-dotnet-host-3.1.15-1.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rh-dotnet31'},\n {'reference':'rh-dotnet31-dotnet-hostfxr-3.1-3.1.15-1.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rh-dotnet31'},\n {'reference':'rh-dotnet31-dotnet-runtime-3.1-3.1.15-1.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rh-dotnet31'},\n {'reference':'rh-dotnet31-dotnet-sdk-3.1-3.1.115-1.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rh-dotnet31'},\n {'reference':'rh-dotnet31-dotnet-targeting-pack-3.1-3.1.15-1.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rh-dotnet31'},\n {'reference':'rh-dotnet31-dotnet-templates-3.1-3.1.115-1.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rh-dotnet31'},\n {'reference':'rh-dotnet31-netstandard-targeting-pack-2.1-3.1.115-1.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rh-dotnet31'}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'rh-dotnet31-aspnetcore-runtime-3.1 / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:29:18", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:2037 advisory.\n\n - dotnet: .NET Core single-file application privilege escalation (CVE-2021-31204)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-05-19T00:00:00", "type": "nessus", "title": "RHEL 8 : dotnet3.1 (RHSA-2021:2037)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-31204"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:8", "cpe:/o:redhat:rhel_aus:8.4", "p-cpe:/a:redhat:enterprise_linux:aspnetcore-runtime-3.1", "cpe:/o:redhat:rhel_aus:8.6", "p-cpe:/a:redhat:enterprise_linux:aspnetcore-targeting-pack-3.1", "p-cpe:/a:redhat:enterprise_linux:dotnet-apphost-pack-3.1", "cpe:/o:redhat:rhel_e4s:8.4", "p-cpe:/a:redhat:enterprise_linux:dotnet-hostfxr-3.1", "p-cpe:/a:redhat:enterprise_linux:dotnet-runtime-3.1", "cpe:/o:redhat:rhel_e4s:8.6", "p-cpe:/a:redhat:enterprise_linux:dotnet-sdk-3.1", "p-cpe:/a:redhat:enterprise_linux:dotnet-targeting-pack-3.1", "cpe:/o:redhat:rhel_eus:8.4", "p-cpe:/a:redhat:enterprise_linux:dotnet-templates-3.1", "cpe:/o:redhat:rhel_eus:8.6", "cpe:/o:redhat:rhel_tus:8.4", "cpe:/o:redhat:rhel_tus:8.6"], "id": "REDHAT-RHSA-2021-2037.NASL", "href": "https://www.tenable.com/plugins/nessus/149722", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:2037. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(149722);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\"CVE-2021-31204\");\n script_xref(name:\"RHSA\", value:\"2021:2037\");\n script_xref(name:\"IAVA\", value:\"2021-A-0220-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0218-S\");\n\n script_name(english:\"RHEL 8 : dotnet3.1 (RHSA-2021:2037)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2021:2037 advisory.\n\n - dotnet: .NET Core single-file application privilege escalation (CVE-2021-31204)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-31204\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:2037\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1956815\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-31204\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(273);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/05/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/05/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/05/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:aspnetcore-runtime-3.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:aspnetcore-targeting-pack-3.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:dotnet-apphost-pack-3.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:dotnet-hostfxr-3.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:dotnet-runtime-3.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:dotnet-sdk-3.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:dotnet-targeting-pack-3.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:dotnet-templates-3.1\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.4/x86_64/appstream/debug',\n 'content/aus/rhel8/8.4/x86_64/appstream/os',\n 'content/aus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.4/x86_64/baseos/debug',\n 'content/aus/rhel8/8.4/x86_64/baseos/os',\n 'content/aus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.4/x86_64/appstream/os',\n 'content/e4s/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.4/x86_64/baseos/os',\n 'content/e4s/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/sap/debug',\n 'content/e4s/rhel8/8.4/x86_64/sap/os',\n 'content/e4s/rhel8/8.4/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/appstream/debug',\n 'content/eus/rhel8/8.4/x86_64/appstream/os',\n 'content/eus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/baseos/debug',\n 'content/eus/rhel8/8.4/x86_64/baseos/os',\n 'content/eus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.4/x86_64/highavailability/os',\n 'content/eus/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/sap/debug',\n 'content/eus/rhel8/8.4/x86_64/sap/os',\n 'content/eus/rhel8/8.4/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.4/x86_64/supplementary/os',\n 'content/eus/rhel8/8.4/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/appstream/debug',\n 'content/tus/rhel8/8.4/x86_64/appstream/os',\n 'content/tus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/baseos/debug',\n 'content/tus/rhel8/8.4/x86_64/baseos/os',\n 'content/tus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.4/x86_64/highavailability/os',\n 'content/tus/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/nfv/debug',\n 'content/tus/rhel8/8.4/x86_64/nfv/os',\n 'content/tus/rhel8/8.4/x86_64/nfv/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/rt/debug',\n 'content/tus/rhel8/8.4/x86_64/rt/os',\n 'content/tus/rhel8/8.4/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'aspnetcore-runtime-3.1-3.1.15-1.el8_4', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'aspnetcore-targeting-pack-3.1-3.1.15-1.el8_4', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-apphost-pack-3.1-3.1.15-1.el8_4', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-hostfxr-3.1-3.1.15-1.el8_4', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-runtime-3.1-3.1.15-1.el8_4', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-sdk-3.1-3.1.115-1.el8_4', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-targeting-pack-3.1-3.1.15-1.el8_4', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-templates-3.1-3.1.115-1.el8_4', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.6/x86_64/appstream/debug',\n 'content/aus/rhel8/8.6/x86_64/appstream/os',\n 'content/aus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.6/x86_64/baseos/debug',\n 'content/aus/rhel8/8.6/x86_64/baseos/os',\n 'content/aus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.6/x86_64/appstream/os',\n 'content/e4s/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.6/x86_64/baseos/os',\n 'content/e4s/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap/os',\n 'content/e4s/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/appstream/debug',\n 'content/eus/rhel8/8.6/x86_64/appstream/os',\n 'content/eus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/baseos/debug',\n 'content/eus/rhel8/8.6/x86_64/baseos/os',\n 'content/eus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.6/x86_64/highavailability/os',\n 'content/eus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap/debug',\n 'content/eus/rhel8/8.6/x86_64/sap/os',\n 'content/eus/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.6/x86_64/supplementary/os',\n 'content/eus/rhel8/8.6/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/appstream/debug',\n 'content/tus/rhel8/8.6/x86_64/appstream/os',\n 'content/tus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/baseos/debug',\n 'content/tus/rhel8/8.6/x86_64/baseos/os',\n 'content/tus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.6/x86_64/highavailability/os',\n 'content/tus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/rt/os',\n 'content/tus/rhel8/8.6/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'aspnetcore-runtime-3.1-3.1.15-1.el8_4', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'aspnetcore-targeting-pack-3.1-3.1.15-1.el8_4', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-apphost-pack-3.1-3.1.15-1.el8_4', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-hostfxr-3.1-3.1.15-1.el8_4', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-runtime-3.1-3.1.15-1.el8_4', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-sdk-3.1-3.1.115-1.el8_4', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-targeting-pack-3.1-3.1.15-1.el8_4', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-templates-3.1-3.1.115-1.el8_4', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/dist/rhel8/8/x86_64/appstream/debug',\n 'content/dist/rhel8/8/x86_64/appstream/os',\n 'content/dist/rhel8/8/x86_64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/baseos/debug',\n 'content/dist/rhel8/8/x86_64/baseos/os',\n 'content/dist/rhel8/8/x86_64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/codeready-builder/debug',\n 'content/dist/rhel8/8/x86_64/codeready-builder/os',\n 'content/dist/rhel8/8/x86_64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/highavailability/debug',\n 'content/dist/rhel8/8/x86_64/highavailability/os',\n 'content/dist/rhel8/8/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/nfv/debug',\n 'content/dist/rhel8/8/x86_64/nfv/os',\n 'content/dist/rhel8/8/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/resilientstorage/debug',\n 'content/dist/rhel8/8/x86_64/resilientstorage/os',\n 'content/dist/rhel8/8/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/rt/debug',\n 'content/dist/rhel8/8/x86_64/rt/os',\n 'content/dist/rhel8/8/x86_64/rt/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap-solutions/debug',\n 'content/dist/rhel8/8/x86_64/sap-solutions/os',\n 'content/dist/rhel8/8/x86_64/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap/debug',\n 'content/dist/rhel8/8/x86_64/sap/os',\n 'content/dist/rhel8/8/x86_64/sap/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/supplementary/debug',\n 'content/dist/rhel8/8/x86_64/supplementary/os',\n 'content/dist/rhel8/8/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'aspnetcore-runtime-3.1-3.1.15-1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'aspnetcore-targeting-pack-3.1-3.1.15-1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-apphost-pack-3.1-3.1.15-1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-hostfxr-3.1-3.1.15-1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-runtime-3.1-3.1.15-1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-sdk-3.1-3.1.115-1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-targeting-pack-3.1-3.1.15-1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-templates-3.1-3.1.115-1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n var enterprise_linux_flag = rhel_repo_urls_has_content_dist_rhel(repo_urls:repo_relative_urls);\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp']) && !enterprise_linux_flag) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'aspnetcore-runtime-3.1 / aspnetcore-targeting-pack-3.1 / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:28:37", "description": "The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2021-2037 advisory.\n\n - .NET and Visual Studio Elevation of Privilege Vulnerability (CVE-2021-31204)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-05-29T00:00:00", "type": "nessus", "title": "Oracle Linux 8 : dotnet3.1 (ELSA-2021-2037)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-31204"], "modified": "2021-05-29T00:00:00", "cpe": ["cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:aspnetcore-runtime-3.1", "p-cpe:/a:oracle:linux:aspnetcore-targeting-pack-3.1", "p-cpe:/a:oracle:linux:dotnet-apphost-pack-3.1", "p-cpe:/a:oracle:linux:dotnet-hostfxr-3.1", "p-cpe:/a:oracle:linux:dotnet-runtime-3.1", "p-cpe:/a:oracle:linux:dotnet-sdk-3.1", "p-cpe:/a:oracle:linux:dotnet-targeting-pack-3.1", "p-cpe:/a:oracle:linux:dotnet-templates-3.1"], "id": "ORACLELINUX_ELSA-2021-2037.NASL", "href": "https://www.tenable.com/plugins/nessus/150060", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2021-2037.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(150060);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/05/29\");\n\n script_cve_id(\"CVE-2021-31204\");\n\n script_name(english:\"Oracle Linux 8 : dotnet3.1 (ELSA-2021-2037)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the\nELSA-2021-2037 advisory.\n\n - .NET and Visual Studio Elevation of Privilege Vulnerability (CVE-2021-31204)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2021-2037.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-31204\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/05/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/05/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/05/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:aspnetcore-runtime-3.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:aspnetcore-targeting-pack-3.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dotnet-apphost-pack-3.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dotnet-hostfxr-3.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dotnet-runtime-3.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dotnet-sdk-3.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dotnet-targeting-pack-3.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dotnet-templates-3.1\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\npkgs = [\n {'reference':'aspnetcore-runtime-3.1-3.1.15-1.0.1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'aspnetcore-targeting-pack-3.1-3.1.15-1.0.1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-apphost-pack-3.1-3.1.15-1.0.1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-hostfxr-3.1-3.1.15-1.0.1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-runtime-3.1-3.1.15-1.0.1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-sdk-3.1-3.1.115-1.0.1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-targeting-pack-3.1-3.1.15-1.0.1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-templates-3.1-3.1.115-1.0.1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n rpm_prefix = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['rpm_prefix'])) rpm_prefix = package_array['rpm_prefix'];\n if (reference && release) {\n if (rpm_prefix) {\n if (rpm_exists(release:release, rpm:rpm_prefix) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'aspnetcore-runtime-3.1 / aspnetcore-targeting-pack-3.1 / dotnet-apphost-pack-3.1 / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T15:09:01", "description": "The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2021:2037 advisory.\n\n - dotnet: .NET Core single-file application privilege escalation (CVE-2021-31204)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-05-30T00:00:00", "type": "nessus", "title": "CentOS 8 : dotnet3.1 (CESA-2021:2037)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-31204"], "modified": "2021-06-02T00:00:00", "cpe": ["cpe:/o:centos:centos:8-stream", "p-cpe:/a:centos:centos:aspnetcore-runtime-3.1", "p-cpe:/a:centos:centos:aspnetcore-targeting-pack-3.1", "p-cpe:/a:centos:centos:dotnet-apphost-pack-3.1", "p-cpe:/a:centos:centos:dotnet-hostfxr-3.1", "p-cpe:/a:centos:centos:dotnet-runtime-3.1", "p-cpe:/a:centos:centos:dotnet-sdk-3.1", "p-cpe:/a:centos:centos:dotnet-targeting-pack-3.1", "p-cpe:/a:centos:centos:dotnet-templates-3.1"], "id": "CENTOS8_RHSA-2021-2037.NASL", "href": "https://www.tenable.com/plugins/nessus/150065", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# Red Hat Security Advisory RHSA-2021:2037. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(150065);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/06/02\");\n\n script_cve_id(\"CVE-2021-31204\");\n script_xref(name:\"RHSA\", value:\"2021:2037\");\n\n script_name(english:\"CentOS 8 : dotnet3.1 (CESA-2021:2037)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the\nCESA-2021:2037 advisory.\n\n - dotnet: .NET Core single-file application privilege escalation (CVE-2021-31204)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:2037\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-31204\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/05/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/05/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/05/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:8-stream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:aspnetcore-runtime-3.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:aspnetcore-targeting-pack-3.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:dotnet-apphost-pack-3.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:dotnet-hostfxr-3.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:dotnet-runtime-3.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:dotnet-sdk-3.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:dotnet-targeting-pack-3.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:dotnet-templates-3.1\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/CentOS/release');\nif (isnull(release) || 'CentOS' >!< release) audit(AUDIT_OS_NOT, 'CentOS');\nos_ver = pregmatch(pattern: \"CentOS(?: Stream)?(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nos_ver = os_ver[1];\nif ('CentOS Stream' >!< release) audit(AUDIT_OS_NOT, 'CentOS 8-Stream');\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\npkgs = [\n {'reference':'aspnetcore-runtime-3.1-3.1.15-1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'aspnetcore-targeting-pack-3.1-3.1.15-1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-apphost-pack-3.1-3.1.15-1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-hostfxr-3.1-3.1.15-1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-runtime-3.1-3.1.15-1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-sdk-3.1-3.1.115-1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-targeting-pack-3.1-3.1.15-1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-templates-3.1-3.1.115-1.el8_4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'CentOS-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'aspnetcore-runtime-3.1 / aspnetcore-targeting-pack-3.1 / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:28:54", "description": "The Microsoft Visual Studio Products are missing a security update. It is, therefore, affected by the multiple vulnerabilities, including the following:\n\n - A remote code execution vulnerability exists in Visual Studio. An unauthenticated, remote attacker can exploit this to bypass authentication and execute arbitrary commands (CVE-2021-27068). \n\n - A privilege escalation vulnerability exists in Visual Studio. An authenticated, local attacker can exploit this to escalate their privileges of an affected system (CVE-2021-31204)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-05-12T00:00:00", "type": "nessus", "title": "Security Updates for Microsoft Visual Studio Products (May 2021)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-27068", "CVE-2021-31204"], "modified": "2022-06-27T00:00:00", "cpe": ["cpe:/a:microsoft:visual_studio"], "id": "SMB_NT_MS21_MAY_VISUAL_STUDIO.NASL", "href": "https://www.tenable.com/plugins/nessus/149436", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('deprecated_nasl_level.inc');\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(149436);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/06/27\");\n\n script_cve_id(\"CVE-2021-27068\", \"CVE-2021-31204\");\n script_xref(name:\"IAVA\", value:\"2021-A-0220-S\");\n\n script_name(english:\"Security Updates for Microsoft Visual Studio Products (May 2021)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The Microsoft Visual Studio Products are missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Microsoft Visual Studio Products are missing a security update. It is, therefore, affected by the multiple\nvulnerabilities, including the following:\n\n - A remote code execution vulnerability exists in Visual Studio. An unauthenticated, remote attacker can\n exploit this to bypass authentication and execute arbitrary commands (CVE-2021-27068). \n\n - A privilege escalation vulnerability exists in Visual Studio. An authenticated, local attacker can \n exploit this to escalate their privileges of an affected system (CVE-2021-31204)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version \nnumber.\");\n # https://docs.microsoft.com/en-us/visualstudio/releasenotes/vs2017-relnotes#15.9.36\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5e238a3e\");\n # https://docs.microsoft.com/en-us/visualstudio/releases/2019/release-notes-v16.4#16.4.22\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8f7f7927\");\n # https://docs.microsoft.com/en-us/visualstudio/releases/2019/release-notes-v16.7#16.7.15\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?6da57842\");\n # https://docs.microsoft.com/en-us/visualstudio/releases/2019/release-notes#16.9.5\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4b804329\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released the following security updates to address this issue:\n - Update 15.9.36 for Visual Studio 2017\n - Update 16.4.22 for Visual Studio 2019\n - Update 16.7.15 for Visual Studio 2019\n - Update 16.9.5 for Visual Studio 2019\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-27068\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/05/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/05/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/05/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:visual_studio\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ms_bulletin_checks_possible.nasl\", \"microsoft_visual_studio_installed.nbin\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\", \"installed_sw/Microsoft Visual Studio\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('install_func.inc');\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\n\nget_kb_item_or_exit('installed_sw/Microsoft Visual Studio');\n\nvar port = kb_smb_transport();\nvar appname = 'Microsoft Visual Studio';\nvar installs = get_installs(app_name:appname, exit_if_not_found:TRUE);\nvar report = '';\n\nforeach var install (installs[1])\n{\n var version = install['version'];\n var path = install['path'];\n var prod = install['product_version'];\n var fix = '';\n\n # https://docs.microsoft.com/en-us/visualstudio/install/visual-studio-build-numbers-and-release-dates?view=vs-2017\n # VS 2017\n if (prod == '2017')\n {\n fix = '15.9.28307.1525';\n\n if (ver_compare(ver: version, fix: fix, strict:FALSE) < 0)\n {\n report +=\n '\\n Path : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix +\n '\\n';\n }\n }\n # https://docs.microsoft.com/en-us/visualstudio/install/visual-studio-build-numbers-and-release-dates?view=vs-2019\n #\n # VS 2019 Version 16.0-4\n else if (prod == '2019' && version =~ \"^16\\.[0-4]\\.\")\n {\n fix = '16.4.31229.387';\n if (ver_compare(ver: version, fix: fix, strict:FALSE) < 0)\n {\n report +=\n '\\n Path : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix +\n '\\n';\n }\n }\n # VS 2019 Version 16.5-7\n else if (prod == '2019' && version =~ \"^16\\.[5-7]\\.\")\n {\n fix = '16.7.31229.181';\n if (ver_compare(ver: version, fix: fix, strict:FALSE) < 0)\n {\n report +=\n '\\n Path : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix +\n '\\n';\n }\n }\n # VS 2019 Version 16.8-9\n else if (prod == '2019' && version =~ \"^16\\.[89]\\.\")\n {\n fix = '16.9.31229.75';\n if (ver_compare(ver: version, fix: fix, strict:FALSE) < 0)\n {\n report +=\n '\\n Path : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix +\n '\\n';\n }\n }\n}\n\nhotfix_check_fversion_end();\n\nif (empty(report))\n audit(AUDIT_INST_VER_NOT_VULN, appname);\n\nsecurity_report_v4(port:port, severity:SECURITY_WARNING, extra:report);\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "prion": [{"lastseen": "2023-08-16T04:52:07", "description": ".NET and Visual Studio Elevation of Privilege Vulnerability", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-05-11T19:15:00", "type": "prion", "title": "CVE-2021-31204", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-31204"], "modified": "2022-05-03T16:04:00", "id": "PRION:CVE-2021-31204", "href": "https://kb.prio-n.com/vulnerability/CVE-2021-31204", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "archlinux": [{"lastseen": "2023-05-27T16:21:16", "description": "Arch Linux Security Advisory ASA-202105-22\n==========================================\n\nSeverity: Medium\nDate : 2021-05-25\nCVE-ID : CVE-2021-31204\nPackage : dotnet-runtime-3.1\nType : privilege escalation\nRemote : No\nLink : https://security.archlinux.org/AVG-1945\n\nSummary\n=======\n\nThe package dotnet-runtime-3.1 before version 3.1.15.sdk115-1 is\nvulnerable to privilege escalation.\n\nResolution\n==========\n\nUpgrade to 3.1.15.sdk115-1.\n\n# pacman -Syu \"dotnet-runtime-3.1>=3.1.15.sdk115-1\"\n\nThe problem has been fixed upstream in version 3.1.15.sdk115.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\nAn elevation of privilege vulnerability exists in .NET 5.0 and .NET\nCore 3.1 when a user runs a single file application on operating\nsystems based on Linux or macOS. The issue is fixed in .NET 5.0,\nRuntime 5.0.6 and SDK 5.0.203, as well as .NET Core 3.1, Runtime 3.1.15\nand SDK 3.1.115.\n\nImpact\n======\n\nAn attacker could elevate privileges from a crafted single file\napplication.\n\nReferences\n==========\n\nhttps://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31204\nhttps://github.com/dotnet/announcements/issues/185\nhttps://security.archlinux.org/CVE-2021-31204", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-05-25T00:00:00", "type": "archlinux", "title": "[ASA-202105-22] dotnet-runtime-3.1: privilege escalation", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-31204"], "modified": "2021-05-25T00:00:00", "id": "ASA-202105-22", "href": "https://security.archlinux.org/ASA-202105-22", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-27T16:21:16", "description": "Arch Linux Security Advisory ASA-202105-21\n==========================================\n\nSeverity: Medium\nDate : 2021-05-25\nCVE-ID : CVE-2021-31204\nPackage : dotnet-runtime\nType : privilege escalation\nRemote : No\nLink : https://security.archlinux.org/AVG-1944\n\nSummary\n=======\n\nThe package dotnet-runtime before version 5.0.6.sdk203-1 is vulnerable\nto privilege escalation.\n\nResolution\n==========\n\nUpgrade to 5.0.6.sdk203-1.\n\n# pacman -Syu \"dotnet-runtime>=5.0.6.sdk203-1\"\n\nThe problem has been fixed upstream in version 5.0.6.sdk203.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\nAn elevation of privilege vulnerability exists in .NET 5.0 and .NET\nCore 3.1 when a user runs a single file application on operating\nsystems based on Linux or macOS. The issue is fixed in .NET 5.0,\nRuntime 5.0.6 and SDK 5.0.203, as well as .NET Core 3.1, Runtime 3.1.15\nand SDK 3.1.115.\n\nImpact\n======\n\nAn attacker could elevate privileges from a crafted single file\napplication.\n\nReferences\n==========\n\nhttps://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31204\nhttps://github.com/dotnet/announcements/issues/185\nhttps://security.archlinux.org/CVE-2021-31204", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-05-25T00:00:00", "type": "archlinux", "title": "[ASA-202105-21] dotnet-runtime: privilege escalation", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-31204"], "modified": "2021-05-25T00:00:00", "id": "ASA-202105-21", "href": "https://security.archlinux.org/ASA-202105-21", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-27T16:21:16", "description": "Arch Linux Security Advisory ASA-202105-23\n==========================================\n\nSeverity: Medium\nDate : 2021-05-25\nCVE-ID : CVE-2021-31204\nPackage : dotnet-sdk-3.1\nType : privilege escalation\nRemote : No\nLink : https://security.archlinux.org/AVG-1945\n\nSummary\n=======\n\nThe package dotnet-sdk-3.1 before version 3.1.15.sdk115-1 is vulnerable\nto privilege escalation.\n\nResolution\n==========\n\nUpgrade to 3.1.15.sdk115-1.\n\n# pacman -Syu \"dotnet-sdk-3.1>=3.1.15.sdk115-1\"\n\nThe problem has been fixed upstream in version 3.1.15.sdk115.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\nAn elevation of privilege vulnerability exists in .NET 5.0 and .NET\nCore 3.1 when a user runs a single file application on operating\nsystems based on Linux or macOS. The issue is fixed in .NET 5.0,\nRuntime 5.0.6 and SDK 5.0.203, as well as .NET Core 3.1, Runtime 3.1.15\nand SDK 3.1.115.\n\nImpact\n======\n\nAn attacker could elevate privileges from a crafted single file\napplication.\n\nReferences\n==========\n\nhttps://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31204\nhttps://github.com/dotnet/announcements/issues/185\nhttps://security.archlinux.org/CVE-2021-31204", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-05-25T00:00:00", "type": "archlinux", "title": "[ASA-202105-23] dotnet-sdk-3.1: privilege escalation", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-31204"], "modified": "2021-05-25T00:00:00", "id": "ASA-202105-23", "href": "https://security.archlinux.org/ASA-202105-23", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-27T16:21:16", "description": "Arch Linux Security Advisory ASA-202105-20\n==========================================\n\nSeverity: Medium\nDate : 2021-05-25\nCVE-ID : CVE-2021-31204\nPackage : dotnet-sdk\nType : privilege escalation\nRemote : No\nLink : https://security.archlinux.org/AVG-1944\n\nSummary\n=======\n\nThe package dotnet-sdk before version 5.0.6.sdk203-1 is vulnerable to\nprivilege escalation.\n\nResolution\n==========\n\nUpgrade to 5.0.6.sdk203-1.\n\n# pacman -Syu \"dotnet-sdk>=5.0.6.sdk203-1\"\n\nThe problem has been fixed upstream in version 5.0.6.sdk203.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\nAn elevation of privilege vulnerability exists in .NET 5.0 and .NET\nCore 3.1 when a user runs a single file application on operating\nsystems based on Linux or macOS. The issue is fixed in .NET 5.0,\nRuntime 5.0.6 and SDK 5.0.203, as well as .NET Core 3.1, Runtime 3.1.15\nand SDK 3.1.115.\n\nImpact\n======\n\nAn attacker could elevate privileges from a crafted single file\napplication.\n\nReferences\n==========\n\nhttps://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31204\nhttps://github.com/dotnet/announcements/issues/185\nhttps://security.archlinux.org/CVE-2021-31204", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-05-25T00:00:00", "type": "archlinux", "title": "[ASA-202105-20] dotnet-sdk: privilege escalation", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-31204"], "modified": "2021-05-25T00:00:00", "id": "ASA-202105-20", "href": "https://security.archlinux.org/ASA-202105-20", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "fedora": [{"lastseen": "2023-05-27T14:49:24", "description": ".NET Core is a fast, lightweight and modular platform for creating cross platform applications that work on Linux, macOS and Windows. It particularly focuses on creating console applications, web applications and micro-services. .NET Core contains a runtime conforming to .NET Standards a set of framework libraries, an SDK containing compilers and a 'dotnet' application to drive everything. ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-05-18T01:06:33", "type": "fedora", "title": "[SECURITY] Fedora 32 Update: dotnet3.1-3.1.115-1.fc32", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-31204"], "modified": "2021-05-18T01:06:33", "id": "FEDORA:8B35130B73F7", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/ZWF25Z3CZ6LYCOHZ7FPSFAQ426JUBUZ4/", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-27T14:49:24", "description": ".NET Core is a fast, lightweight and modular platform for creating cross platform applications that work on Linux, macOS and Windows. It particularly focuses on creating console applications, web applications and micro-services. .NET Core contains a runtime conforming to .NET Standards a set of framework libraries, an SDK containing compilers and a 'dotnet' application to drive everything. ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-05-18T00:48:06", "type": "fedora", "title": "[SECURITY] Fedora 33 Update: dotnet3.1-3.1.115-1.fc33", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-31204"], "modified": "2021-05-18T00:48:06", "id": "FEDORA:C53B3304C267", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/UV4ITB3SUDGR23G7XALUVKFJMZERFUKF/", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-27T14:49:24", "description": ".NET is a fast, lightweight and modular platform for creating cross platform applications that work on Linux, macOS and Windows. It particularly focuses on creating console applications, web applications and micro-services. .NET contains a runtime conforming to .NET Standards a set of framework libraries, an SDK containing compilers and a 'dotnet' application to drive everything. ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-05-18T00:48:05", "type": "fedora", "title": "[SECURITY] Fedora 33 Update: dotnet5.0-5.0.203-1.fc33", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-31204"], "modified": "2021-05-18T00:48:05", "id": "FEDORA:D3BC1304C267", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/LFXJPQUYUITJMV75YN3XIGE3KKN5GOCU/", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-27T14:49:24", "description": ".NET is a fast, lightweight and modular platform for creating cross platform applications that work on Linux, macOS and Windows. It particularly focuses on creating console applications, web applications and micro-services. .NET contains a runtime conforming to .NET Standards a set of framework libraries, an SDK containing compilers and a 'dotnet' application to drive everything. ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-05-18T01:06:32", "type": "fedora", "title": "[SECURITY] Fedora 32 Update: dotnet5.0-5.0.203-1.fc32", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-31204"], "modified": "2021-05-18T01:06:32", "id": "FEDORA:971FF30B86D6", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/FVMWZPF4FR6JPFSNAIDIUDULHZJBVCW6/", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-27T14:49:24", "description": ".NET is a fast, lightweight and modular platform for creating cross platform applications that work on Linux, macOS and Windows. It particularly focuses on creating console applications, web applications and micro-services. .NET contains a runtime conforming to .NET Standards a set of framework libraries, an SDK containing compilers and a 'dotnet' application to drive everything. ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-05-18T01:01:35", "type": "fedora", "title": "[SECURITY] Fedora 34 Update: dotnet5.0-5.0.203-1.fc34", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-31204"], "modified": "2021-05-18T01:01:35", "id": "FEDORA:004B430A6E02", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/4F3VM3RMPE7PNNLLI3BPCSAXITQZCFCA/", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-27T14:49:24", "description": ".NET Core is a fast, lightweight and modular platform for creating cross platform applications that work on Linux, macOS and Windows. It particularly focuses on creating console applications, web applications and micro-services. .NET Core contains a runtime conforming to .NET Standards a set of framework libraries, an SDK containing compilers and a 'dotnet' application to drive everything. ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-05-18T01:01:36", "type": "fedora", "title": "[SECURITY] Fedora 34 Update: dotnet3.1-3.1.115-1.fc34", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-31204"], "modified": "2021-05-18T01:01:36", "id": "FEDORA:A44F930A5958", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/6M7KL3KTHJVQNRA3CWFUTESQJARQEHSZ/", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "redhat": [{"lastseen": "2023-05-27T16:21:06", "description": ".NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.\n\nNew versions of .NET Core that address a security vulnerability are now available. The updated versions are .NET Core SDK 3.1.115 and .NET Core Runtime 3.1.15.\n\nSecurity Fix(es):\n\n* dotnet: .NET Core single-file application privilege escalation (CVE-2021-31204)\n\nIn order for the update to be complete, self-contained applications deployed using previous versions need to be recompiled and redeployed.\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-05-19T07:18:50", "type": "redhat", "title": "(RHSA-2021:2037) Important: dotnet3.1 security and bugfix update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-31204"], "modified": "2021-05-19T09:31:51", "id": "RHSA-2021:2037", "href": "https://access.redhat.com/errata/RHSA-2021:2037", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-27T16:21:06", "description": ".NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.\n\nNew versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 5.0.203 and .NET Runtime 5.0.6.\n\nSecurity Fix(es):\n\n* dotnet: .NET Core single-file application privilege escalation (CVE-2021-31204)\n\nIn order for the update to be complete, self-contained applications deployed using previous versions need to be recompiled and redeployed.\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-05-12T07:32:22", "type": "redhat", "title": "(RHSA-2021:1546) Important: .NET 5.0 on Red Hat Enterprise Linux security and bugfix update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-31204"], "modified": "2021-05-12T07:59:14", "id": "RHSA-2021:1546", "href": "https://access.redhat.com/errata/RHSA-2021:1546", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-27T16:21:06", "description": ".NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.\n\nNew versions of .NET Core that address a security vulnerability are now available. The updated versions are .NET Core SDK 3.1.115 and .NET Core Runtime 3.1.15.\n\nSecurity Fix(es):\n\n* dotnet: .NET Core single-file application privilege escalation (CVE-2021-31204)\n\nIn order for the update to be complete, self-contained applications deployed using previous versions need to be recompiled and redeployed.\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-05-12T07:33:08", "type": "redhat", "title": "(RHSA-2021:1547) Important: .NET Core 3.1 on Red Hat Enterprise Linux security and bugfix update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-31204"], "modified": "2021-05-12T08:25:18", "id": "RHSA-2021:1547", "href": "https://access.redhat.com/errata/RHSA-2021:1547", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-27T16:21:06", "description": ".NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.\n\nNew versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 5.0.203 and .NET Runtime 5.0.6.\n\nSecurity Fix(es):\n\n* dotnet: .NET Core single-file application privilege escalation (CVE-2021-31204)\n\nIn order for the update to be complete, self-contained applications deployed using previous versions need to be recompiled and redeployed.\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-05-19T07:18:44", "type": "redhat", "title": "(RHSA-2021:2036) Important: dotnet5.0 security and bugfix update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-31204"], "modified": "2021-05-19T09:44:13", "id": "RHSA-2021:2036", "href": "https://access.redhat.com/errata/RHSA-2021:2036", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "oraclelinux": [{"lastseen": "2021-07-28T14:25:12", "description": "[5.0.203-1.0.1]\n- Add support for new Oracle release\n[5.0.203-1]\n- Update to .NET SDK 5.0.203 and Runtime 5.0.6\n- Resolves: RHBZ#1954328\n[5.0.202-1]\n- Update to .NET SDK 5.0.202 and Runtime 5.0.5\n- Resolves: RHBZ#1947662", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-05-29T00:00:00", "type": "oraclelinux", "title": "dotnet5.0 security and bugfix update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-31204"], "modified": "2021-05-29T00:00:00", "id": "ELSA-2021-2036", "href": "http://linux.oracle.com/errata/ELSA-2021-2036.html", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-28T14:24:32", "description": "[3.1.115-1.0.1]\n- Update patch to support 8.3 (alexander.burmashev@oracle.com)\n- support OL release scheme (alexander.burmashev@oracle.com)\n[3.1.115-1]\n- Update to .NET SDK 3.1.115 and Runtime 3.1.15\n- Resolves: RHBZ#1954333\n[3.1.114-2]\n- Rebuild to tag into the correct location\n- Resolves: RHBZ#1947455\n[3.1.114-1]\n- Update to .NET Core SDK 3.1.114 and Runtime 3.1.14\n- Resolves: RHBZ#1947455", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-05-29T00:00:00", "type": "oraclelinux", "title": "dotnet3.1 security and bugfix update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-31204"], "modified": "2021-05-29T00:00:00", "id": "ELSA-2021-2037", "href": "http://linux.oracle.com/errata/ELSA-2021-2037.html", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "almalinux": [{"lastseen": "2021-08-11T15:48:32", "description": ".NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.\n\nNew versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 5.0.203 and .NET Runtime 5.0.6.\n\nSecurity Fix(es):\n\n* dotnet: .NET Core single-file application privilege escalation (CVE-2021-31204)\n\nIn order for the update to be complete, self-contained applications deployed using previous versions need to be recompiled and redeployed.\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-05-19T07:18:44", "type": "almalinux", "title": "Important: dotnet5.0 security and bugfix update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-31204"], "modified": "2021-08-11T13:42:14", "id": "ALSA-2021:2036", "href": "https://errata.almalinux.org/8/ALSA-2021-2036.html", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-11T15:48:32", "description": ".NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.\n\nNew versions of .NET Core that address a security vulnerability are now available. The updated versions are .NET Core SDK 3.1.115 and .NET Core Runtime 3.1.15.\n\nSecurity Fix(es):\n\n* dotnet: .NET Core single-file application privilege escalation (CVE-2021-31204)\n\nIn order for the update to be complete, self-contained applications deployed using previous versions need to be recompiled and redeployed.\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-05-19T07:18:50", "type": "almalinux", "title": "Important: dotnet3.1 security and bugfix update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-31204"], "modified": "2021-08-11T13:42:14", "id": "ALSA-2021:2037", "href": "https://errata.almalinux.org/8/ALSA-2021-2037.html", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "mscve": [{"lastseen": "2023-08-02T01:17:16", "description": ".NET and Visual Studio Elevation of Privilege Vulnerability", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-05-11T07:00:00", "type": "mscve", "title": ".NET and Visual Studio Elevation of Privilege Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-31204"], "modified": "2021-05-11T07:00:00", "id": "MS:CVE-2021-31204", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31204", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "redhatcve": [{"lastseen": "2023-05-27T17:17:06", "description": "A flaw was found in dotnet. A .NET Core single-file application running with elevated permissions could allow an attacker to gain elevated privileges. The highest threat to this vulnerability is to confidentiality, integrity, as well as system availability.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-05-11T20:55:44", "type": "redhatcve", "title": "CVE-2021-31204", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-31204"], "modified": "2023-04-06T08:57:20", "id": "RH:CVE-2021-31204", "href": "https://access.redhat.com/security/cve/cve-2021-31204", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "altlinux": [{"lastseen": "2023-05-07T11:53:42", "description": "June 30, 2021 Vitaly Lipatov 3.1.16-alt1\n \n \n - new version 3.1.16 (with rpmrb script)\n - .NET Core 3.1.16\n - CVE-2021-31204: .NET Core Elevation of Privilege Vulnerability\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-06-30T00:00:00", "type": "altlinux", "title": "Security fix for the ALT Linux 9 package dotnet-coreclr-3.1 version 3.1.16-alt1", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-31204"], "modified": "2021-06-30T00:00:00", "id": "EDB233F729B420FA5E11C1D56696F904", "href": "https://packages.altlinux.org/en/p9/srpms/dotnet-coreclr-3.1/", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-07T11:51:49", "description": "June 30, 2021 Vitaly Lipatov 3.1.16-alt1\n \n \n - new version 3.1.16 (with rpmrb script)\n - .NET Core 3.1.16\n - CVE-2021-31204: .NET Core Elevation of Privilege Vulnerability\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-06-30T00:00:00", "type": "altlinux", "title": "Security fix for the ALT Linux 10 package dotnet-coreclr-3.1 version 3.1.16-alt1", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-31204"], "modified": "2021-06-30T00:00:00", "id": "01180C55C3214E2412ECB8427CA03E43", "href": "https://packages.altlinux.org/en/p10/srpms/dotnet-coreclr-3.1/", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-07T11:51:08", "description": "June 30, 2021 Vitaly Lipatov 5.0.7-alt1\n \n \n - new version 5.0.7 (with rpmrb script)\n - CVE-2021-31204: .NET Core Elevation of Privilege Vulnerability\n - CVE-2021-31957: ASP.NET Denial of Service Vulnerability\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-06-30T00:00:00", "type": "altlinux", "title": "Security fix for the ALT Linux 10 package dotnet-bootstrap-5.0 version 5.0.7-alt1", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-31204", "CVE-2021-31957"], "modified": "2021-06-30T00:00:00", "id": "0A8B4F7539A685F6CFE70F6AD2395477", "href": "https://packages.altlinux.org/en/p10/srpms/dotnet-bootstrap-5.0/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-05-07T11:54:24", "description": "June 30, 2021 Vitaly Lipatov 5.0.7-alt1\n \n \n - new version 5.0.7 (with rpmrb script)\n - CVE-2021-31204: .NET Core Elevation of Privilege Vulnerability\n - CVE-2021-31957: ASP.NET Denial of Service Vulnerability\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-06-30T00:00:00", "type": "altlinux", "title": "Security fix for the ALT Linux 9 package dotnet-bootstrap-5.0 version 5.0.7-alt1", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-31204", "CVE-2021-31957"], "modified": "2021-06-30T00:00:00", "id": "551C54E499C0DD394544C6AAD788CCC1", "href": "https://packages.altlinux.org/en/p9/srpms/dotnet-bootstrap-5.0/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-05-07T11:54:52", "description": "June 30, 2021 Vitaly Lipatov 3.1.16-alt1\n \n \n - new version 3.1.16 (with rpmrb script)\n - .NET Core 3.1.16 and .NET Core SDK 3.1.410\n - CVE-2021-31957: ASP.NET Denial of Service Vulnerability\n - CVE-2021-31204: .NET Core Elevation of Privilege Vulnerability\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-06-30T00:00:00", "type": "altlinux", "title": "Security fix for the ALT Linux 9 package dotnet-bootstrap-3.1 version 3.1.16-alt1", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-31204", "CVE-2021-31957"], "modified": "2021-06-30T00:00:00", "id": "6D6DC73488675F6D3E05017E1C3E90F5", "href": "https://packages.altlinux.org/en/p9/srpms/dotnet-bootstrap-3.1/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-05-07T11:52:20", "description": "June 30, 2021 Vitaly Lipatov 3.1.16-alt1\n \n \n - new version 3.1.16 (with rpmrb script)\n - .NET Core 3.1.16 and .NET Core SDK 3.1.410\n - CVE-2021-31957: ASP.NET Denial of Service Vulnerability\n - CVE-2021-31204: .NET Core Elevation of Privilege Vulnerability\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-06-30T00:00:00", "type": "altlinux", "title": "Security fix for the ALT Linux 10 package dotnet-bootstrap-3.1 version 3.1.16-alt1", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-31204", "CVE-2021-31957"], "modified": "2021-06-30T00:00:00", "id": "97248F752AEF925BD9D225D99FD71A8A", "href": "https://packages.altlinux.org/en/p10/srpms/dotnet-bootstrap-3.1/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "kaspersky": [{"lastseen": "2023-08-06T23:22:44", "description": "### *Detect date*:\n05/11/2021\n\n### *Severity*:\nHigh\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges.\n\n### *Exploitation*:\nMalware exists for this vulnerability. Usually such malware is classified as Exploit. [More details](<https://threats.kaspersky.com/en/class/Exploit/>).\n\n### *Affected products*:\nVisual Studio Code \nMicrosoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8) \nMicrosoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3) \nVisual Studio 2019 for Mac version 8.9 \n.NET 5.0 \n.NET Core 3.1 \nMicrosoft Visual Studio 2019 version 16.7 (includes 16.0 \u2013 16.6) \nVisual Studio Code Remote - Containers Extension\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2021-31214](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-31214>) \n[CVE-2021-31204](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-31204>) \n[CVE-2021-31213](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-31213>) \n[CVE-2021-31211](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-31211>) \n[CVE-2021-27068](<https://api.msrc.microsoft.com/sug/v2.0/en-US/vulnerability/CVE-2021-27068>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Visual Studio](<https://threats.kaspersky.com/en/product/Microsoft-Visual-Studio/>)\n\n### *CVE-IDS*:\n[CVE-2021-31214](<https://vulners.com/cve/CVE-2021-31214>)9.3Critical \n[CVE-2021-31204](<https://vulners.com/cve/CVE-2021-31204>)4.6Warning \n[CVE-2021-31213](<https://vulners.com/cve/CVE-2021-31213>)6.8High \n[CVE-2021-31211](<https://vulners.com/cve/CVE-2021-31211>)6.8High \n[CVE-2021-27068](<https://vulners.com/cve/CVE-2021-27068>)6.5High\n\n### *Microsoft official advisories*:", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-05-11T00:00:00", "type": "kaspersky", "title": "KLA12173 Multiple vulnerabilities in Microsoft Developer Tools", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-27068", "CVE-2021-31204", "CVE-2021-31211", "CVE-2021-31213", "CVE-2021-31214"], "modified": "2023-07-13T00:00:00", "id": "KLA12173", "href": "https://threats.kaspersky.com/en/vulnerability/KLA12173/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "threatpost": [{"lastseen": "2021-05-11T23:10:25", "description": "Microsoft\u2019s May Patch Tuesday release addressed a modest 55 cybersecurity vulnerabilities, including just four critical bugs. It\u2019s the smallest monthly update from the computing giant since 2020, but it does contain a patch for a concerning wormable vulnerability found in the Windows OS.\n\nThe good news is that none of the vulnerabilities are being actively exploited in the wild, according to Microsoft, though three are listed as publicly known.\n\n[The fixes](<https://msrc.microsoft.com/update-guide/en-us>) address security flaws across Microsoft Windows, .NET Core and Visual Studio, Internet Explorer (IE), Microsoft Office, SharePoint Server, Open-Source Software, Hyper-V, Skype for Business and Microsoft Lync, and Exchange Server. Besides the four critical bugs, 50 are rated \u201cimportant\u201d and one is moderate in severity.\n\n## **Critical Microsoft Security Patches for May 2021**\n\nThe critical bugs in this month\u2019s Patch Tuesday release are:\n\n * [CVE-2021-31166](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31166>): A wormable HTTP protocol-stack issue in Windows 10 and some versions of Windows Server allowing remote code-execution (RCE)\n * [CVE-2021-26419](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-26419>): A scripting-engine memory corruption vulnerability in Internet Explorer 11 and 9 allowing RCE\n * [CVE-2021-31194](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31194>): An RCE bug in the Microsoft Windows Object Linking and Embedding (OLE) Automation\n * [CVE-2021-28476](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-28476>): An RCE vulnerability in Microsoft Windows Hyper-V\n\n### **CVE-2021-31166 \u2013 Wormable**\n\nThis most concerning critical bug for researchers is an HTTP protocol-stack issue that would allow RCE with kernel privileges or a denial-of-service (DoS) attack. The HTTP protocol stack enables Windows and applications to communicate with other devices; it can be run standalone or in conjunction with Internet Information Services (IIS).\n\n\u201cIf exploited, this vulnerability could enable an unauthenticated attacker to send a specially crafted packet to a targeted server utilizing the HTTP protocol stack (http.sys) to process packets and ultimately, execute arbitrary code, and take control of the affected system,\u201d Eric Feldman, cybersecurity researcher with Automox, wrote in [an analysis](<https://blog.automox.com/automox-experts-weigh-in-may-patch-tuesday-2021>).\n\nWorse, Microsoft noted that the bug is wormable, so that it could be used to self-replicate across the internal network and affect internal services that may not have been exposed.\n\n\u201cThe vulnerability announced has the potential to be both directly impactful and is also exceptionally simple to exploit, leading to a remote and unauthenticated DoS (Blue Screen of Death) for affected products,\u201d Steve Povolny, head of advanced threat research and principle engineer at McAfee, said via email. \u201cWhile this vulnerability has the potential to lead to code execution in the Windows kernel, this type of weaponization is a much higher bar for exploitation. However, if RCE can be achieved, cybercriminals would likely have the capability to create a worm, leading to self-propagation of the vulnerability across networks and the internet.\u201d\n\n\u201cFor ransomware operators, this kind of vulnerability is a prime target for exploitation,\u201d Kevin Breen, director of cyber-threat research at Immersive Labs, told Threatpost. \u201cWormable exploits should always be a high priority, especially if they are for services that are designed to be public facing. As this specific exploit would not require any form of authentication, it\u2019s even more appealing for attackers, and any organization using HTTP.sys protocol stack should prioritize this patch.\u201d\n\nDustin Childs, researcher with Trend Micro\u2019s Zero Day Initiative (ZDI), noted [in a blog](<https://www.zerodayinitiative.com/blog/2021/5/11/the-may-2021-security-update-review>), \u201cBefore you pass this aside, Windows 10 can also be configured as a web server, so it is impacted as well. Definitely put this on the top of your test-and-deploy list.\u201d\n\n### **CVE-2021-26419**\n\nThis second critical bug affecting Microsoft\u2019s legacy browser allows RCE, and offers several avenues of attack, according to researchers.\n\n\u201cIn a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website,\u201d explained Feldman. \u201cAn attacker could also embed an ActiveX control marked \u2018safe for initialization\u2019 in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.\u201d\n\nThe best way to counteract this bug is ditching IE, noted Breen.\n\n\u201cInternet Explorer needs to die \u2013 and I\u2019m not the only one that thinks so,\u201d he told Threatpost. \u201cIf you are an organization that has to provide IE11 to support legacy applications, consider enforcing a policy on the users that restricts the domains that can be accessed by IE11 to only those legacy applications. All other web browsing should be performed with a supported browser.\u201d\n\n### **CVE-2021-31194**\n\nThe third critical bug exists in the Microsoft Windows OLE Automation, which in and of itself should place it on the priority-patch list, according to researchers.\n\n\u201cTo exploit the vulnerability, an attacker could host a specially crafted website designed to invoke OLE automation through a web browser,\u201d explained Justin Knapp, Automox researcher. \u201cHowever, this approach requires that the attacker bait a user into visiting the maliciously crafted website.\u201d\n\nHe pointed out that OLE technology has frequently been used to mask malicious code within documents and for linking to external files that infect systems with malware.\n\n\u201cIn 2020, the CISA released an alert detailing the top 10 routinely exploited vulnerabilities, which identified Microsoft\u2019s OLE as the most commonly exploited technology by state-sponsored cyber-actors,\u201d he said. \u201cConsidering the prevalent exploitation of OLE vulnerabilities, including those that had been flagged years ago, organizations should immediately prioritize patching all outstanding OLE vulnerabilities.\u201d\n\n### **CVE-2021-28476**\n\nThe last critical bug is found in Windows Hyper-V, which is a native hypervisor that can create and run virtual machines on x86-64 systems running Windows. It can allow an attacker to execute arbitrary code, Knapp said: \u201cTo exploit this vulnerability, an attacker could run a specially crafted application on a Hyper-V guest that could cause the Hyper-V host operating system to execute arbitrary code when it fails to properly validate vSMB packet data. Successful exploitation could enable an attacker to run malicious binaries on Hyper-V virtual machines or execute arbitrary code on the host system itself.\u201d\n\nThat said, Microsoft noted that an attacker is more likely to abuse the bug for DoS attacks in the form of a system crash rather than RCE, Childs pointed out, which mitigates the vulnerability\u2019s CVSS score of 9.9.\n\n\u201cBecause of this, it could be argued that the attack complexity would be high, which changes the CVSS rating to 8.5,\u201d he said. \u201cThat still rates as high-severity, but not critical. Still, the bug check [system crash] alone is worth making sure your Hyper-V systems get this update.\u201d\n\n## **Publicly Disclosed Vulnerabilities**\n\nChris Goettl, senior director of product management at Ivanti, told Threatpost that the biggest patching priority should be the publicly disclosed bugs \u2013 even though there is as yet no known malicious exploitation.\n\n\u201cThe top concern from the Microsoft updates this month is the update for Microsoft Exchange that includes the fix for [CVE-2021-31207](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-31207>), which made its debut in the [2021 Pwn2Own competition](<https://www.zerodayinitiative.com/blog/2021/4/2/pwn2own-2021-schedule-and-live-results>),\u201d he said.\n\nThe bug tracked as CVE-2021-31207 is only rated as \u201cmoderate,\u201d but the \u201csecurity feature-bypass exploit was showcased prominently in the Pwn2Own contest and at some point details of the exploit will be published,\u201d Goettl explained. \u201cAt that point threat actors will be able to take advantage of the vulnerability if they have not already begun attempting to reverse engineer an exploit.\u201d\n\nThere two other publicly disclosed vulnerabilities resolved by Microsoft this month that exist in Common Utilities, found in the NNI open-source toolkit ([CVE-2021-31200](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-31200>)), and in .NET and Visual Studio ([CVE-2021-31204](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-31204>)).\n\n\u201cCommon Utilities and .NET and Visual Studio are less likely to be targeted, but due to the public disclosures they should not be ignored for long,\u201d Goettl added.\n\n## **Other Notable Microsoft Security Patches for May 2021**\n\nAs for the other patches in the update that stood out to the research community, ZDI\u2019s Childs highlighted a Windows wireless networking information-disclosure bug, tracked as [CVE-2020-24587](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-24587>).\n\n\u201cThe ZDI doesn\u2019t normally highlight info disclosure bugs, but this one has the potential to be pretty damaging,\u201d Childs said. \u201cThis patch fixes a vulnerability that could allow an attacker to disclose the contents of encrypted wireless packets on an affected system. It\u2019s not clear what the range on such an attack would be, but you should assume some proximity is needed. You\u2019ll also note this CVE is from 2020, which could indicate Microsoft has been working on this fix for some time.\u201d\n\n### **Windows Graphics, SharePoint Server Patches**\n\nA trio of local privilege escalation flaws \u2013 two in the Windows Graphics Component ([CVE-2021-31188](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31188>), [CVE-2021-31170](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31170>)) and one in SharePoint Server ([CVE-2021-28474](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-28474>)) \u2013 caught Breen\u2019s eye.\n\nAs for the first two, he noted they could be chained with another bug, such as the wormable bug listed above, to become highly dangerous and allow for [WannaCry-style attacks](<https://threatpost.com/one-year-after-wannacry-a-fundamentally-changed-threat-landscape/132047/>).\n\n\u201cThis kind of vulnerability is often used by attackers after they have already gained a foothold through an initial infection vector, like phishing or via another exploit like the RCE in HTTP.sys (CVE-2021-31166),\u201d Breen noted via email. \u201cThe attackers are looking to increase their privileges so they can move laterally across a network or gain access to other accounts that may have access to more sensitive information.\u201d\n\nMeanwhile, the SharePoint bug allows an authenticated attacker to run code on remote SharePoint Servers.\n\n\u201cAs this is post-authentication, it\u2019s likely to be used as part of post-exploitation and lateral movement phases of an attack, rather than the initial-infection vector,\u201d Breen said. \u201cAttackers could gain access to sensitive documents or even replace real documents with weaponized versions, enabling the compromise of more user devices across the organization\u2019s network.\u201d\n\n### **Microsoft Exchange Server Patches**\n\nMicrosoft also patched four vulnerabilities in Microsoft Exchange Server. The flaws ([CVE-2021-31198](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31198>), RCE; [CVE-2021-31207](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31207>), spoofing; [CVE-2021-31209](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31209>), security bypass; and [CVE-2021-31195](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31195>), RCE), are all rated important or moderate.\n\n\u201cCVE-2021-31195 is attributed to Orange Tsai of the DEVCORE research team, who was responsible for disclosing the [ProxyLogon Exchange Server](<https://threatpost.com/fbi-proxylogon-web-shells/165400/>) vulnerabilities that [were] patched in an out-of-band release back in March,\u201d Satnam Narang, staff research engineer with Tenable, told Threatpost. \u201cWhile none of these flaws are deemed critical in nature, it is a reminder that researchers and attackers are still looking closely at Exchange Server for additional vulnerabilities, so organizations that have yet to update their systems should do so as soon as possible.\u201d\n\nAnd finally, Ivanti\u2019s Goettl noted that several Microsoft products have reached end-of-life and won\u2019t be getting support going forward.\n\n\u201cThis month marks the final update for several Windows 10 and Server editions, so make sure you have updated any systems to newer branches to avoid a disruption in security update coverage come June,\u201d he said. \u201cWindows 10 1803 and 1809 and Server 1909 all received their final update on May Patch Tuesday 2021.\u201d\n\n**Join Threatpost for \u201c**[**Fortifying Your Business Against Ransomware, DDoS &amp; Cryptojacking Attacks**](<https://threatpost.com/webinars/fortifying-your-business-against-attacks/?utm_source=ART&utm_medium=ART&utm_campaign=May_Zoho_Webinar>)**\u201d \u2013 a LIVE roundtable event on**[** Wed, May 12 at 2:00 PM EDT**](<https://threatpost.com/webinars/fortifying-your-business-against-attacks/?utm_source=ART&utm_medium=ART&utm_campaign=May_Zoho_Webinarhttps://threatpost.com/webinars/fortifying-your-business-against-attacks/?utm_source=ART&utm_medium=ART&utm_campaign=May_Zoho_Webinar>)**. Sponsored by Zoho ManageEngine, Threatpost host Becky Bracken moderates an expert panel discussing best defense strategies for these 2021 threats. Questions and LIVE audience participation encouraged. Join the lively discussion and **[**Register HERE**](<https://threatpost.com/webinars/fortifying-your-business-against-attacks/?utm_source=ART&utm_medium=ART&utm_campaign=May_Zoho_Webinar>)** for free. **\n", "cvss3": {}, "published": "2021-05-11T20:05:44", "type": "threatpost", "title": "Wormable Windows Bug Opens Door to DoS, RCE", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2020-24587", "CVE-2021-26419", "CVE-2021-28474", "CVE-2021-28476", "CVE-2021-31166", "CVE-2021-31170", "CVE-2021-31188", "CVE-2021-31194", "CVE-2021-31195", "CVE-2021-31198", "CVE-2021-31200", "CVE-2021-31204", "CVE-2021-31207", "CVE-2021-31209"], "modified": "2021-05-11T20:05:44", "id": "THREATPOST:A2FE619CD27EBEC2F6B0C62ED026F02C", "href": "https://threatpost.com/wormable-windows-bug-dos-rce/166057/", "cvss": {"score": 0.0, "vector": "NONE"}}], "rapid7blog": [{"lastseen": "2021-05-22T09:01:54", "description": "\n\nHere we are again with another installment of Patch Tuesday. When compared to the past few months this one feels a bit light both in severity and number of vulnerabilities addressed. Microsoft has only released patches for 55 CVEs this month, less than half of the usual volume, with only 4 of them being scored as critical. Let's dive into the details.\n\n## HTTP Protocol Stack Remote Code Execution Vulnerability - [[[CVE-2021-31166](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31207>)](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31166>)](<https://blog.rapid7.com/p/a0284057-0a58-48f2-89f5-a9b1d04661c3/CVE-2021-31166>)\n\nThe hottest vulnerability this month is in the HTTP.sys library. If an attacker has network access to a webserver running on an unpatched asset they may be able to send a specially crafted packet which could result in RCE. This was found internally by Microsoft and has not yet been observed in the wild. However, it is only a matter of time before someone figures out how to craft that special packet and we start to see widespread use against Windows 10 and Windows Server machines. Rated at 9.8, this potentially wormable vulnerability should be a high priority for remediation.\n\n## Hyper-V Remote Code Execution - [CVE-2021-28476](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-28476>)\n\nThere is some debate whether this vulnerability deserves its assigned 9.9 severity score. The limited details indicate that the most likely use of this bug is to cause a DoS on the Hyper-V host. This can cause a good amount of trouble for anyone running virtual machines but is not as damaging as the theoretical RCE this vulnerability could provide. In either case this is a good patch to put at the top of the todo-list.\n\n## Exchange Server Security Feature Bypass - [CVE-2021-31207](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31207>)\n\nNot to be outdone, Exchange Server is back again with yet another patch. This one is not nearly as high profile as the recent vulnerability which saw widespread use, but still an important patch to apply given that Exchange Servers are almost always exposed to the internet. There are a few other less severe vulnerabilities this month for Exchange which were disclosed at Pwn2Own in April. We expect to see a continued focus on Exchange Server in the months to come.\n\n## Summary Tables\n\n## Azure Vulnerabilities\n\nCVE | Title | Exploited | Disclosed | CVSS3 | FAQ \n---|---|---|---|---|--- \n[CVE-2021-31936](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31936>) | Microsoft Accessibility Insights for Web Information Disclosure Vulnerability | No | No | 7.4 | Yes \n \n## Browser ESU Vulnerabilities\n\nCVE | Title | Exploited | Disclosed | CVSS3 | FAQ \n---|---|---|---|---|--- \n[CVE-2021-26419](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26419>) | Scripting Engine Memory Corruption Vulnerability | No | No | 7.5 | Yes \n \n## Developer Tools Vulnerabilities\n\nCVE | Title | Exploited | Disclosed | CVSS3 | FAQ \n---|---|---|---|---|--- \n[CVE-2021-27068](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27068>) | Visual Studio Remote Code Execution Vulnerability | No | No | 8.8 | No \n[CVE-2021-31213](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31213>) | Visual Studio Code Remote Containers Extension Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-31211](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31211>) | Visual Studio Code Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-31214](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31214>) | Visual Studio Code Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-31204](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31204>) | .NET and Visual Studio Elevation of Privilege Vulnerability | No | Yes | 7.3 | No \n \n## Exchange Server Vulnerabilities\n\nCVE | Title | Exploited | Disclosed | CVSS3 | FAQ \n---|---|---|---|---|--- \n[CVE-2021-31209](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31209>) | Microsoft Exchange Server Spoofing Vulnerability | No | No | 6.5 | Yes \n[CVE-2021-31207](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31207>) | Microsoft Exchange Server Security Feature Bypass Vulnerability | No | Yes | 6.6 | Yes \n[CVE-2021-31198](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31198>) | Microsoft Exchange Server Remote Code Execution Vulnerability | No | No | 7.8 | No \n[CVE-2021-31195](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31195>) | Microsoft Exchange Server Remote Code Execution Vulnerability | No | No | 6.5 | No \n \n## Microsoft Dynamics Vulnerabilities\n\nCVE | Title | Exploited | Disclosed | CVSS3 | FAQ \n---|---|---|---|---|--- \n[CVE-2021-28461](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28461>) | Dynamics Finance and Operations Cross-site Scripting Vulnerability | No | No | 6.1 | No \n \n## Microsoft Office Vulnerabilities\n\nCVE | Title | Exploited | Disclosed | CVSS3 | FAQ \n---|---|---|---|---|--- \n[CVE-2021-26421](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26421>) | Skype for Business and Lync Spoofing Vulnerability | No | No | 6.5 | No \n[CVE-2021-26422](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26422>) | Skype for Business and Lync Remote Code Execution Vulnerability | No | No | 7.2 | No \n[CVE-2021-28478](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28478>) | Microsoft SharePoint Spoofing Vulnerability | No | No | 7.6 | No \n[CVE-2021-31172](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31172>) | Microsoft SharePoint Spoofing Vulnerability | No | No | 7.1 | No \n[CVE-2021-26418](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26418>) | Microsoft SharePoint Spoofing Vulnerability | No | No | 4.6 | No \n[CVE-2021-28474](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28474>) | Microsoft SharePoint Server Remote Code Execution Vulnerability | No | No | 8.8 | Yes \n[CVE-2021-31173](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31173>) | Microsoft SharePoint Server Information Disclosure Vulnerability | No | No | 5.3 | Yes \n[CVE-2021-31181](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31181>) | Microsoft SharePoint Remote Code Execution Vulnerability | No | No | 8.8 | No \n[CVE-2021-31171](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31171>) | Microsoft SharePoint Information Disclosure Vulnerability | No | No | 4.1 | Yes \n[CVE-2021-31175](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31175>) | Microsoft Office Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-31176](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31176>) | Microsoft Office Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-31177](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31177>) | Microsoft Office Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-31179](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31179>) | Microsoft Office Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-31178](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31178>) | Microsoft Office Information Disclosure Vulnerability | No | No | 5.5 | Yes \n[CVE-2021-31180](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31180>) | Microsoft Office Graphics Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-31174](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31174>) | Microsoft Excel Information Disclosure Vulnerability | No | No | 5.5 | Yes \n \n## Open Source Software Vulnerabilities\n\nCVE | Title | Exploited | Disclosed | CVSS3 | FAQ \n---|---|---|---|---|--- \n[CVE-2021-31200](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31200>) | Common Utilities Remote Code Execution Vulnerability | No | Yes | 7.2 | Yes \n \n## Windows Vulnerabilities\n\nCVE | Title | Exploited | Disclosed | CVSS3 | FAQ \n---|---|---|---|---|--- \n[CVE-2021-31187](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31187>) | Windows WalletService Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-31205](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31205>) | Windows SMB Client Security Feature Bypass Vulnerability | No | No | 4.3 | Yes \n[CVE-2021-31191](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31191>) | Windows Projected File System FS Filter Driver Information Disclosure Vulnerability | No | No | 5.5 | Yes \n[CVE-2021-31192](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31192>) | Windows Media Foundation Core Remote Code Execution Vulnerability | No | No | 7.3 | No \n[CVE-2021-31170](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31170>) | Windows Graphics Component Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-31185](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31185>) | Windows Desktop Bridge Denial of Service Vulnerability | No | No | 5.5 | No \n[CVE-2021-31165](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31165>) | Windows Container Manager Service Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-31167](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31167>) | Windows Container Manager Service Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-31168](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31168>) | Windows Container Manager Service Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-31169](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31169>) | Windows Container Manager Service Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-31208](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31208>) | Windows Container Manager Service Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-31190](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31190>) | Windows Container Isolation FS Filter Driver Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-28479](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28479>) | Windows CSC Service Information Disclosure Vulnerability | No | No | 5.5 | Yes \n[CVE-2021-28465](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28465>) | Web Media Extensions Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-31166](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31166>) | HTTP Protocol Stack Remote Code Execution Vulnerability | No | No | 9.8 | Yes \n \n## Windows ESU Vulnerabilities\n\nCVE | Title | Exploited | Disclosed | CVSS3 | FAQ \n---|---|---|---|---|--- \n[CVE-2020-24588](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-24588>) | Windows Wireless Networking Spoofing Vulnerability | No | No | 6.5 | No \n[CVE-2020-26144](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-26144>) | Windows Wireless Networking Spoofing Vulnerability | No | No | 6.5 | No \n[CVE-2020-24587](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-24587>) | Windows Wireless Networking Information Disclosure Vulnerability | No | No | 6.5 | Yes \n[CVE-2021-31193](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31193>) | Windows SSDP Service Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-31186](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31186>) | Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability | No | No | 7.4 | Yes \n[CVE-2021-31188](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31188>) | Windows Graphics Component Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-31194](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31194>) | OLE Automation Remote Code Execution Vulnerability | No | No | 8.8 | No \n[CVE-2021-31184](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31184>) | Microsoft Windows Infrared Data Association (IrDA) Information Disclosure Vulnerability | No | No | 5.5 | Yes \n[CVE-2021-31182](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31182>) | Microsoft Bluetooth Driver Spoofing Vulnerability | No | No | 7.1 | No \n[CVE-2021-28476](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28476>) | Hyper-V Remote Code Execution Vulnerability | No | No | 9.9 | Yes \n \n## Windows Microsoft Office ESU Vulnerabilities\n\nCVE | Title | Exploited | Disclosed | CVSS3 | FAQ \n---|---|---|---|---|--- \n[CVE-2021-28455](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28455>) | Microsoft Jet Red Database Engine and Access Connectivity Engine Remote Code Execution Vulnerability | No | No | 8.8 | Yes \n \n## Summary Graphs\n\n", "cvss3": {}, "published": "2021-05-11T23:44:00", "type": "rapid7blog", "title": "Patch Tuesday - May 2021", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2020-24587", "CVE-2020-24588", "CVE-2020-26144", "CVE-2021-26418", "CVE-2021-26419", "CVE-2021-26421", "CVE-2021-26422", "CVE-2021-27068", "CVE-2021-28455", "CVE-2021-28461", "CVE-2021-28465", "CVE-2021-28474", "CVE-2021-28476", "CVE-2021-28478", "CVE-2021-28479", "CVE-2021-31165", "CVE-2021-31166", "CVE-2021-31167", "CVE-2021-31168", "CVE-2021-31169", "CVE-2021-31170", "CVE-2021-31171", "CVE-2021-31172", "CVE-2021-31173", "CVE-2021-31174", "CVE-2021-31175", "CVE-2021-31176", "CVE-2021-31177", "CVE-2021-31178", "CVE-2021-31179", "CVE-2021-31180", "CVE-2021-31181", "CVE-2021-31182", "CVE-2021-31184", "CVE-2021-31185", "CVE-2021-31186", "CVE-2021-31187", "CVE-2021-31188", "CVE-2021-31190", "CVE-2021-31191", "CVE-2021-31192", "CVE-2021-31193", "CVE-2021-31194", "CVE-2021-31195", "CVE-2021-31198", "CVE-2021-31200", "CVE-2021-31204", "CVE-2021-31205", "CVE-2021-31207", "CVE-2021-31208", "CVE-2021-31209", "CVE-2021-31211", "CVE-2021-31213", "CVE-2021-31214", "CVE-2021-31936"], "modified": "2021-05-11T23:44:00", "id": "RAPID7BLOG:05A653A5E863B78EDD56FD74F059E02E", "href": "https://blog.rapid7.com/2021/05/11/patch-tuesday-may-2021/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "qualysblog": [{"lastseen": "2021-06-14T06:32:34", "description": "### Microsoft Patch Tuesday \u2013 May 2021\n\nMicrosoft patched 55 CVEs in their May 2021 Patch Tuesday release, of which 4 are rated as critical severity. Three 0-day vulnerability patches were included in the release. As of this publication date, none have been exploited.\n\nQualys released 12 QIDs on the same day, providing vulnerability detection and patch management coverage (where applicable) for all 55 CVEs and the related KBs.\n\n#### Critical Microsoft vulnerabilities patched: \n\n**CVE-2021-31181 **- SharePoint Remote Code Execution Vulnerability\n\nMicrosoft released patches addressing a critical RCE vulnerability in SharePoint (CVE-2021-31181). This CVE has a high likelihood of exploitability and is assigned a CVSSv3 base score of 8.8 by the vendor. \n\n**CVE-2021-31166 **- HTTP Protocol Stack Remote Code Execution Vulnerability\n\nMicrosoft released patches addressing a critical RCE vulnerability in Windows. This vulnerability allows an unauthenticated attacker to remotely execute code as kernel. This is a wormable vulnerability where an attacker can simply send a malicious crafted packet to the target impacted web-server. CVE has a high likelihood of exploitability and is assigned a CVSSv3 base score of 9.8 by the vendor.\n\n**CVE-2021-28476** - Hyper-V Remote Code Execution Vulnerability\n\nMicrosoft released patches addressing a critical RCE in Windows Server that impacts Hyper-V. Though the exploitation of this vulnerability is less likely (according to Microsoft), this should be prioritized for patching since adversaries can abuse this vulnerability and cause Denial of Service (DoS) in the form of a bug check. This CVE is assigned a CVSSv3 base score of 9.9 by the vendor.\n\n#### Three 0-day vulnerabilities patched: \n\n * CVE-2021-31204 - .NET and Visual Studio Elevation of Privilege Vulnerability \n * CVE-2021-31207 - Microsoft Exchange Server Security Feature Bypass Vulnerability\n * CVE-2021-31200 - Common Utilities Remote Code Execution Vulnerability\n\n#### Qualys QIDs Providing Coverage\n\nQID| Title| Severity| CVE ID \n---|---|---|--- \n100415| Microsoft Internet Explorer Security Update for May 2021| Medium| CVE-2021-26419 \n91762| Microsoft SharePoint Enterprise Server Multiple Vulnerabilities May 2021| High| CVE-2021-31181 \nCVE-2021-31173 \nCVE-2021-31172 \nCVE-2021-31171 \nCVE-2021-26418 \nCVE-2021-28478 \nCVE-2021-28474 \n110381| Microsoft Office and Microsoft Office Services and Web Apps Security Update May 2021| High| CVE-2021-31180 \nCVE-2021-31179 \nCVE-2021-31178 \nCVE-2021-31177 \nCVE-2021-31176 \nCVE-2021-31175 \nCVE-2021-31174 \nCVE-2021-28455 \n110382| Microsoft Skype for Business Server Security and Lync Server Update for May 2021| High| CVE-2021-26421 \nCVE-2021-26422 \n375556| Visual Studio Code Remote Code Execution Vulnerability| High| CVE-2021-31214 \nCVE-2021-31211 \n375557| Visual Studio Code Remote Development for Containers Extension Remote Code Execution Vulnerability| Medium| CVE-2021-31213 \n50111| Microsoft Exchange Server Multiple Vulnerabilities - May 2021| High| CVE-2021-31209 \nCVE-2021-31207 \nCVE-2021-31198 \nCVE-2021-31195 \n91762| Microsoft Windows Security Update for May 2021| Critical| CVE-2021-31192 \nCVE-2021-31188 \nCVE-2021-31170 \nCVE-2021-28476 \nCVE-2021-31184 \nCVE-2021-31190 \nCVE-2021-31167 \nCVE-2021-31168 \nCVE-2021-31208 \nCVE-2021-31169 \nCVE-2021-31165 \nCVE-2021-1720 \nCVE-2021-28479 \nCVE-2021-31185 \nCVE-2021-31194 \nCVE-2021-31191 \nCVE-2021-31186 \nCVE-2021-31205 \nCVE-2021-31193 \nCVE-2021-31187 \nCVE-2020-26144 \nCVE-2020-24587 \nCVE-2020-24588 \n91763| Microsoft Visual Studio Security Update for May 2021| High| CVE-2021-27068 \nCVE-2021-31204 \n91764| Microsoft Windows Web Media Extensions Remote Code Execution Vulnerability| High| CVE-2021-28465 \n91766| Microsoft .NET Core Security Update May 2021| Medium| CVE-2021-31204 \n91767| Microsoft Windows HTTP Protocol Stack Remote Code Execution Vulnerability - May 2021| Critical| CVE-2021-31166 \n \n### Adobe Patch Tuesday \u2013 May 2021\n\nAdobe addressed 46 CVEs this Patch Tuesday, of which 26 are rated as critical severity, including one critical 0-day (CVE-2021-28550) impacting Adobe Acrobat and Reader product.\n\nAdobe products patches include the following: Experience Manager, InDesign, Illustrator, InCopy, Genuine Service, Acrobat and Reader, Magento, Creative Cloud Desktop Application, Media Encoder, After Effects, Medium, and Animate products.\n\nQualys released 5 QIDs on the same day, providing vulnerability detection for 30 of the 46 CVEs, including 8 rated as critical.\n\n#### One 0-day vulnerability patched:\n\n**CVE-2021-28550**\n\nThis is a Remote Code Execution vulnerability impacting Adobe Acrobat and Reader and is being actively exploited in the wild on Windows devices. Adversaries are able to execute arbitrary code in windows, including installing malicious applications and gaining complete access to target machines.\n\nAdobe Security Bulletin| QID| Severity| CVE ID \n---|---|---|--- \n[APSB21-22 Security updates available for Adobe InDesign](<https://helpx.adobe.com/security/products/indesign/apsb21-22.html>)| 375549| Critical \nCritical \nCritical| CVE-2021-21098 \nCVE-2021-21099 \nCVE-2021-21043 \n[APSB21-24 Security update available for Adobe Illustrator](<https://helpx.adobe.com/security/products/illustrator/apsb21-24.html>)| 375551| Critical \nCritical \nCritical \nCritical \nCritical| CVE-2021-21101 \nCVE-2021-21103 \nCVE-2021-21104 \nCVE-2021-21105 \nCVE-2021-21102 \n[APSB21-29 Security update available for Adobe Acrobat and Reader](<https://helpx.adobe.com/security/products/acrobat/apsb21-29.html>)| 375547| Important \nCritical \nImportant \nCritical \nImportant \nCritical \nCritical \nCritical \nCritical \nCritical \nImportant \nCritical \nCritical \nCritical| CVE-2021-28561 \nCVE-2021-28560 \nCVE-2021-28558 \nCVE-2021-28557 \nCVE-2021-28555 \nCVE-2021-28565 \nCVE-2021-28564 \nCVE-2021-21044 \nCVE-2021-21038 \nCVE-2021-21086 \nCVE-2021-28559 \nCVE-2021-28562 \nCVE-2021-28550 \nCVE-2021-28553 \n[APSB21-32 Security update available for Adobe Media Encoder](<https://helpx.adobe.com/security/products/media-encoder/apsb21-32.html>)| 375550| Important| CVE-2021-28569 \n[APSB21-35 Security update available for Adobe Animate7](<https://helpx.adobe.com/security/products/animate/apsb21-35.html>)| 375553| Important \nImportant \nImportant \nImportant \nImportant \nCritical \nCritical| CVE-2021-28572 \nCVE-2021-28573 \nCVE-2021-28574 \nCVE-2021-28575 \nCVE-2021-28576 \nCVE-2021-28578 \nCVE-2021-28577 \n \n### Discover Patch Tuesday Vulnerabilities in VMDR \n\n[Qualys VMDR](<https://www.qualys.com/apps/vulnerability-management-detection-response/>) automatically detects new Patch Tuesday vulnerabilities using continuous updates to its Knowledge Base (KB).\n\nYou can see all your impacted hosts by these vulnerabilities using the following QQL query:\n\n`vulnerabilities.vulnerability:(qid:`50111` OR qid:`91762` OR qid:`91763` OR qid:`91764` OR qid:`91766` OR qid:`91767` OR qid:`100415` OR qid:`110380` OR qid:`110381` OR qid:`110382` OR qid:`375547` OR qid:`375549` OR qid:`375550` OR qid:`375551` OR qid:`375553` OR qid:`375556` OR qid:`375557`)`\n\n\n\n### Respond by Patching\n\nVMDR rapidly remediates Windows hosts by deploying the most relevant and applicable per-technology version patches. You can simply select respective QIDs in the Patch Catalog and filter on the \u201cMissing\u201d patches to identify and deploy the applicable, available patches in one go.\n\nThe following QQL will return the missing patches pertaining to this Patch Tuesday.\n\n`qid:`50111` OR qid:`91762` OR qid:`91763` OR qid:`91764` OR qid:`91766` OR qid:`91767` OR qid:`100415` OR qid:`110380` OR qid:`110381` OR qid:`110382` OR qid:`375547` OR qid:`375549` OR qid:`375550` OR qid:`375551` OR qid:`375553` OR qid:`375556` OR qid:`375557``\n\n\n\n### Patch Tuesday Dashboard \n\nThe current updated Patch Tuesday dashboards are available in [Dashboard Toolbox: 2021 Patch Tuesday Dashboard](<https://qualys-secure.force.com/discussions/s/article/000006505>).\n\n### Webinar Series: This Month in Patches\n\nTo help customers leverage the seamless integration between Qualys VMDR and Patch Management and reduce the median time to remediate critical vulnerabilities, the Qualys Research team is hosting a monthly webinar series [_This Month in Patches_](<https://www.brighttalk.com/webcast/11673/486394>).\n\nWe discuss some of the key vulnerabilities disclosed in the past month and how to patch them:\n\n * 21Nails Exim Mail Server Multiple Vulnerabilities\n * Pulse Connect Secure Remote Code Execution Vulnerability (CVE-2021-22893)\n * Microsoft Patch Tuesday, May 2021\n\n[Join us live or watch on demand](<https://www.brighttalk.com/webcast/11673/486394>)!\n\n### About Patch Tuesday \n\nPatch Tuesday QIDs are published at [Security Alerts](<https://www.qualys.com/research/security-alerts/>), typically late in the evening of [Patch Tuesday](<https://blog.qualys.com/tag/patch-tuesday>), followed shortly after by [PT dashboards](<https://qualys-secure.force.com/discussions/s/article/000006505>).", "cvss3": {}, "published": "2021-05-11T21:53:37", "type": "qualysblog", "title": "Microsoft & Adobe Patch Tuesday (May 2021) \u2013 Qualys covers 85 Vulnerabilities, 26 Critical", "bulletinFamily": "blog", "cvss2": {}, "cvelist": ["CVE-2020-24587", "CVE-2020-24588", "CVE-2020-26144", "CVE-2021-1720", "CVE-2021-21038", "CVE-2021-21043", "CVE-2021-21044", "CVE-2021-21086", "CVE-2021-21098", "CVE-2021-21099", "CVE-2021-21101", "CVE-2021-21102", "CVE-2021-21103", "CVE-2021-21104", "CVE-2021-21105", "CVE-2021-22893", "CVE-2021-26418", "CVE-2021-26419", "CVE-2021-26421", "CVE-2021-26422", "CVE-2021-27068", "CVE-2021-28455", "CVE-2021-28465", "CVE-2021-28474", "CVE-2021-28476", "CVE-2021-28478", "CVE-2021-28479", "CVE-2021-28550", "CVE-2021-28553", "CVE-2021-28555", "CVE-2021-28557", "CVE-2021-28558", "CVE-2021-28559", "CVE-2021-28560", "CVE-2021-28561", "CVE-2021-28562", "CVE-2021-28564", "CVE-2021-28565", "CVE-2021-28569", "CVE-2021-28572", "CVE-2021-28573", "CVE-2021-28574", "CVE-2021-28575", "CVE-2021-28576", "CVE-2021-28577", "CVE-2021-28578", "CVE-2021-31165", "CVE-2021-31166", "CVE-2021-31167", "CVE-2021-31168", "CVE-2021-31169", "CVE-2021-31170", "CVE-2021-31171", "CVE-2021-31172", "CVE-2021-31173", "CVE-2021-31174", "CVE-2021-31175", "CVE-2021-31176", "CVE-2021-31177", "CVE-2021-31178", "CVE-2021-31179", "CVE-2021-31180", "CVE-2021-31181", "CVE-2021-31184", "CVE-2021-31185", "CVE-2021-31186", "CVE-2021-31187", "CVE-2021-31188", "CVE-2021-31190", "CVE-2021-31191", "CVE-2021-31192", "CVE-2021-31193", "CVE-2021-31194", "CVE-2021-31195", "CVE-2021-31198", "CVE-2021-31200", "CVE-2021-31204", "CVE-2021-31205", "CVE-2021-31207", "CVE-2021-31208", "CVE-2021-31209", "CVE-2021-31211", "CVE-2021-31213", "CVE-2021-31214"], "modified": "2021-05-11T21:53:37", "id": "QUALYSBLOG:A8EE36FB3E891C73934CB1C60E3B3D41", "href": "https://blog.qualys.com/category/vulnerabilities-threat-research", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}