Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
kasperskyKaspersky LabKLA11634
HistoryJan 14, 2020 - 12:00 a.m.

KLA11634 Multiple vulnerabilities in Microsoft Developer Tools

2020-01-1400:00:00
Kaspersky Lab
threats.kaspersky.com
170

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.2 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.975 High

EPSS

Percentile

99.9%

JSON

Detect date:

01/14/2020

Severity:

Critical

Description:

Multiple vulnerabilities were found in Developer Tools. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service.

Exploitation:

Public exploits exist for this vulnerability.

Affected products:

.NET Core 3.0
ASP.NET Core 3.0
ASP.NET Core 2.1
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2
Microsoft .NET Framework 3.5.1
Microsoft .NET Framework 3.5 AND 4.7.1/4.7.2
Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2
Microsoft .NET Framework 3.5 AND 4.7.2
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2
Microsoft .NET Framework 4.8
Microsoft .NET Framework 4.5.2
Microsoft .NET Framework 3.5 AND 4.8
.NET Core 3.1
Microsoft .NET Framework 3.5
Microsoft .NET Framework 4.6
Microsoft .NET Framework 3.0 Service Pack 2
ASP.NET Core 3.1

Solution:

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories:

CVE-2020-0603
CVE-2020-0602
CVE-2020-0605
CVE-2020-0646
CVE-2020-0606

Impacts:

ACE

Related products:

Microsoft .NET Framework

CVE-IDS:

CVE-2020-06039.3Critical
CVE-2020-06025.0Warning
CVE-2020-06059.3Critical
CVE-2020-06069.3Critical

KB list:

4535101
4534306
4534978
4534976
4532933
4534276
4532938
4532936
4534271
4534979
4532935
4535103
4535104
4535105
4534293
4534977
4535102
4556826
4556813
4556812
4556807
4556406
4556405
4556404
4556403
4556402
4556401
4556400
4556441
4552929
4552926
4552931
4556399
4552928

Microsoft official advisories:

References

Related

openvas 17
nessus 17
mskb 37
oraclelinux 1
redhat 2
attackerkb 2
cve 5
prion 5
veracode 4
osv 10
github 4
symantec 5
mscve 5
redhatcve 4
packetstorm 1
zdt 1
metasploit 1
checkpoint_advisories 2
kitploit 1
cisa_kev 1
exploitdb 1
talosblog 1
qualysblog 1
openvas
openvas
.NET Core SDK Multiple Vulnerabilities (Jan 2020
2020-01-16 00:00:00
.NET Core Multiple Vulnerabilities (Jan 2020
2020-01-16 00:00:00
Microsoft .NET Framework Multiple RCE Vulnerabilities (KB4535104)
2020-01-16 00:00:00
nessus
nessus
Security Update for .NET Core SDK (January 2020)
2020-01-16 00:00:00
Security Updates for Microsoft .NET Framework (January 2020)
2020-01-16 00:00:00
RHEL 8 : .NET Core on Red Hat Enterprise Linux (RHSA-2020:0130)
2020-01-17 00:00:00
mskb
mskb
Security Only Update for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows 8.1 and Windows Server 2012 R2 (KB4534978)
2020-01-14 08:00:00
January 14, 2020-KB4532938 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 10 Version 1903 and Windows Server 1903 RTM and Windows 10, version 1909 and Windows Server, version 1909
2020-01-14 08:00:00
Security and Quality Rollup for .NET Framework 2.0, 3.0, 4.5.2, 4.6 for Windows Server 2008 SP2 (KB4535105)
2020-01-14 08:00:00
oraclelinux
oraclelinux
.NET Core on Red Hat Enterprise Linux security and bug fix update
2020-01-20 00:00:00
redhat
redhat
(RHSA-2020:0134) Critical: .NET Core on Red Hat Enterprise Linux security and bug fix update
2020-01-16 16:17:47
(RHSA-2020:0130) Critical: .NET Core on Red Hat Enterprise Linux security and bug fix update
2020-01-16 14:41:13
attackerkb
attackerkb
CVE-2020-0605
2020-01-14 00:00:00
CVE-2020-0646
2020-01-14 00:00:00
cve
cve
CVE-2020-0606
2020-01-14 23:15:00
CVE-2020-0605
2020-01-14 23:15:00
CVE-2020-0602
2020-01-14 23:15:00
prion
prion
Remote code execution
2020-01-14 23:15:00
Remote code execution
2020-01-14 23:15:00
Remote code execution
2020-01-14 23:15:00
veracode
veracode
Remote Code Execution
2020-01-20 06:05:18
Remote Code Execution (RCE)
2020-01-20 07:19:54
Denial Of Service (DoS)
2020-01-15 06:42:34
osv
osv
CVE-2020-0606
2020-01-14 23:15:30
CVE-2020-0605
2020-01-14 23:15:30
Remote code execution in Microsoft.WindowsDesktop.App.Ref
2022-05-24 17:06:16
github
github
Remote code execution in Microsoft.WindowsDesktop.App.Ref
2022-05-24 17:06:16
Denial of service in ASP.NET Core
2022-05-24 17:06:16
Remote code execution in ASP.NET Core
2022-05-24 17:06:16
symantec
symantec
Microsoft ASP.NET Core CVE-2020-0603 Remote Code Execution Vulnerability
2020-01-14 00:00:00
Microsoft ASP.NET Core CVE-2020-0602 Denial of Service Vulnerability
2020-01-14 00:00:00
Microsoft .NET Framework CVE-2020-0606 Remote Code Execution Vulnerability
2020-01-14 00:00:00
mscve
mscve
ASP.NET Core Denial of Service Vulnerability
2020-01-14 08:00:00
ASP.NET Core Remote Code Execution Vulnerability
2020-01-14 08:00:00
.NET Framework Remote Code Execution Vulnerability
2020-01-14 08:00:00
redhatcve
redhatcve
CVE-2020-0603
2020-01-14 20:09:07
CVE-2020-0602
2020-01-14 20:09:08
CVE-2020-0606
2020-01-14 20:09:01
packetstorm
packetstorm
SharePoint Workflows XOML Injection
2020-03-26 00:00:00
zdt
zdt
SharePoint Workflows XOML Injection Exploit
2020-03-26 00:00:00
metasploit
metasploit
SharePoint Workflows XOML Injection
2020-03-20 21:57:54
checkpoint_advisories
checkpoint_advisories
Microsoft .NET Framework Remote Code Execution (CVE-2020-0646)
2020-04-05 00:00:00
Microsoft .NET Framework XPS File Parsing Remote Code Execution (CVE-2020-0605)
2020-10-25 00:00:00
kitploit
kitploit
BigBountyRecon - This Tool Utilises 58 Different Techniques To Expediate The Process Of Intial Reconnaissance On The Target Organisation
2021-01-18 20:30:00
cisa_kev
cisa_kev
Microsoft .NET Framework Remote Code Execution Vulnerability
2021-11-03 00:00:00
exploitdb
exploitdb
SharePoint Workflows - XOML Injection (Metasploit)
2020-03-31 00:00:00
talosblog
talosblog
Microsoft Patch Tuesday — Jan. 2020: Vulnerability disclosures and Snort coverage
2020-01-17 10:14:27
qualysblog
qualysblog
Managing CISA Known Exploited Vulnerabilities with Qualys VMDR
2022-02-23 05:39:00

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.2 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.975 High

EPSS

Percentile

99.9%

JSON
Related for KLA11634
openvas17nessus17mskb37oraclelinux1redhat2attackerkb2cve5prion5veracode4osv10github4symantec5mscve5redhatcve4packetstorm1zdt1metasploit1checkpoint_advisories2kitploit1cisa_kev1exploitdb1talosblog1qualysblog1