Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
kasperskyKaspersky LabKLA11772
HistoryMay 12, 2020 - 12:00 a.m.

KLA11772 Multiple vulnerabilities in Microsoft Developer Tools

2020-05-1200:00:00
Kaspersky Lab
threats.kaspersky.com
28

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

9.1 High

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.038 Low

EPSS

Percentile

91.7%

JSON

Detect date:

05/12/2020

Severity:

Critical

Description:

Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to gain privileges, cause denial of service, execute arbitrary code.

Exploitation:

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Affected products:

Microsoft .NET Framework 3.5
Microsoft .NET Framework 4.5.2
ASP.NET Core 3.1
Microsoft .NET Framework 4.6
Microsoft Visual Studio 2019 version 16.5
Microsoft Visual Studio 2017 version 15.9 (includes 15.1 - 15.8)
Microsoft .NET Framework 3.5 AND 4.6/4.6.1/4.6.2
Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)
Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2
Microsoft .NET Framework 3.5 AND 4.7.1/4.7.2
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 4.8
.NET Core 3.1
Microsoft .NET Framework 3.5.1
Microsoft .NET Framework 3.5 AND 4.7.2
.NET Core 5.0
.NET Core 2.1
Visual Studio Code
Microsoft .NET Framework 3.5 AND 4.8
Microsoft Visual Studio 2019 version 16.0
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2

Solution:

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories:

CVE-2020-1066
CVE-2020-1108
CVE-2020-1161
CVE-2020-1171
CVE-2020-1192

Impacts:

ACE

Related products:

Microsoft .NET Framework

CVE-IDS:

CVE-2020-10664.6Warning
CVE-2020-11085.0Warning
CVE-2020-11615.0Warning
CVE-2020-11719.3Critical
CVE-2020-11929.3Critical

KB list:

4556826
4556813
4556812
4556807
4556406
4556405
4556404
4556403
4556402
4556401
4556400
4556441
4552929
4552926
4552931
4556399
4552928

Microsoft official advisories:

References

Related

prion 5
cve 5
nessus 31
redhat 8
oraclelinux 4
mskb 19
openvas 13
osv 7
veracode 2
github 2
mscve 5
redhatcve 3
altlinux 8
githubexploit 1
photon 2
qualysblog 1
threatpost 1
avleonov 1
prion
prion
Remote code execution
2020-05-21 23:15:00
Remote code execution
2020-05-21 23:15:00
Privilege escalation
2020-05-21 23:15:00
cve
cve
CVE-2020-1171
2020-05-21 23:15:00
CVE-2020-1192
2020-05-21 23:15:00
CVE-2020-1161
2020-05-21 23:15:00
nessus
nessus
Security Update for Microsoft Visual Studio Code Python Extension (May 2020)
2020-05-15 00:00:00
Security Updates for Microsoft Visual Studio Products (May 2020)
2020-05-12 00:00:00
RHEL 7 : .NET Core on Red Hat Enterprise Linux (RHSA-2020:2249)
2023-01-23 00:00:00
redhat
redhat
(RHSA-2020:2250) Important: dotnet3.1 security update
2020-05-21 15:44:48
(RHSA-2020:2249) Important: .NET Core on Red Hat Enterprise Linux security and bug fix update
2020-05-21 15:09:36
(RHSA-2020:2146) Important: .NET Core on Red Hat Enterprise Linux security and bug fix update
2020-05-13 16:38:56
oraclelinux
oraclelinux
dotnet3.1 security update
2020-06-09 00:00:00
.NET Core on Red Hat Enterprise Linux 8 security update
2020-06-12 00:00:00
.NET Core security update
2020-05-13 00:00:00
mskb
mskb
Security Only Update for .NET Framework 2.0, 3.0, 4.5.2, 4.6 for Windows Server 2008 SP2 (KB4556406)
2020-05-12 07:00:00
Security and Quality Rollup for .NET Framework 2.0, 3.0, 4.5.2, 4.6 for Windows Server 2008 SP2 (KB4556402)
2020-05-12 07:00:00
Security and Quality Rollup for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows 7 SP1 and Windows Server 2008 R2 SP1 (KB4556399)
2020-05-12 07:00:00
openvas
openvas
Microsoft .NET Framework Multiple Vulnerabilities (KB4556399)
2020-05-13 00:00:00
.NET Core SDK DoS Vulnerability-01 (May 2020)
2020-05-13 00:00:00
.NET Core DoS Vulnerability-01 (May 2020)
2020-05-13 00:00:00
osv
osv
CVE-2020-1161
2020-05-21 23:15:17
ASP.NET Core Denial of Service Vulnerability
2022-05-24 17:18:32
BIT-aspnet-core-2020-1161
2024-03-06 10:53:59
veracode
veracode
Denial Of Service (DoS)
2020-05-15 03:39:01
Denial Of Service (DoS)
2020-05-14 03:09:47
github
github
ASP.NET Core Denial of Service Vulnerability
2022-05-24 17:18:32
.NET Core & .NET Framework Denial of Service Vulnerability
2022-05-24 17:18:28
mscve
mscve
ASP.NET Core Denial of Service Vulnerability
2020-05-12 07:00:00
Visual Studio Code Python Extension Remote Code Execution Vulnerability
2020-05-12 07:00:00
.NET Framework Elevation of Privilege Vulnerability
2020-05-12 07:00:00
redhatcve
redhatcve
CVE-2020-1161
2020-05-12 19:11:06
CVE-2020-1066
2020-06-29 09:20:54
CVE-2020-1108
2022-05-14 11:39:23
altlinux
altlinux
Security fix for the ALT Linux 9 package dotnet-coreclr-3.1 version 3.1.6-alt1
2020-08-03 00:00:00
Security fix for the ALT Linux 9 package dotnet-bootstrap-3.1 version 3.1.6-alt1
2020-08-02 00:00:00
Security fix for the ALT Linux 10 package dotnet-bootstrap-6.0 version 3.1.6-alt1
2020-08-02 00:00:00
githubexploit
githubexploit
Exploit for Vulnerability in Microsoft
2020-06-01 04:44:05
photon
photon
Important Photon OS Security Update - PHSA-2020-0151
2020-10-13 00:00:00
Important Photon OS Security Update - PHSA-2020-3.0-0151
2020-10-13 00:00:00
qualysblog
qualysblog
May 2020 Patch Tuesday – 111 Vulns, 16 Critical, SharePoint, VS Code, Adobe Patches
2020-05-12 18:25:06
threatpost
threatpost
Microsoft Addresses 111 Bugs for May Patch Tuesday
2020-05-12 20:14:28
avleonov
avleonov
Microsoft Patch Tuesday May 2020: comments from VM vendors, promising stuff for phishing, troubles with SharePoint and lulz with Visual Studio
2020-05-13 00:49:16

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

9.1 High

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.038 Low

EPSS

Percentile

91.7%

JSON
Related for KLA11772
prion5cve5nessus31redhat8oraclelinux4mskb19openvas13osv7veracode2github2mscve5redhatcve3altlinux8githubexploit1photon2qualysblog1threatpost1avleonov1