Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
kasperskyKaspersky LabKLA11859
HistoryJul 14, 2020 - 12:00 a.m.

KLA11859 Multiple vulnerabilities in Microsoft Developer Tools

2020-07-1400:00:00
Kaspersky Lab
threats.kaspersky.com
191

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.843 High

EPSS

Percentile

98.4%

JSON

Detect date:

07/14/2020

Severity:

Critical

Description:

Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to gain privileges, execute arbitrary code, spoof user interface.

Exploitation:

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Affected products:

Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)
Microsoft .NET Framework 3.0 Service Pack 2
Azure Storage Explorer
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2
Microsoft .NET Framework 4.8
Microsoft .NET Framework 3.5.1
Microsoft SharePoint Server 2019
Microsoft .NET Framework 3.5
Azure DevOps Server 2019.0.1
Microsoft Visual Studio Code ESLint extension
Microsoft Visual Studio 2019 version 16.0
Microsoft .NET Framework 3.5 AND 4.7.1/4.7.2
Microsoft .NET Framework 3.5 AND 4.6/4.6.1/4.6.2
Microsoft SharePoint Enterprise Server 2016
Azure DevOps Server 2019 Update 1
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)
Microsoft .NET Framework 3.5 AND 4.7.2
.NET Core 2.1
Visual Studio Code
Microsoft .NET Framework 4.5.2
TypeScript
Microsoft Visual Studio 2019 version 16.6 (includes 16.0 - 16.5)
Azure DevOps Server 2019 Update 1.1
Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2
Microsoft .NET Framework 4.6
Microsoft .NET Framework 3.5 AND 4.8
Microsoft SharePoint Server 2010 Service Pack 2
Microsoft Visual Studio 2015 Update 3
Microsoft SharePoint Enterprise Server 2013 Service Pack 1
.NET Core 3.1

Solution:

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories:

CVE-2020-1393
CVE-2020-1147
CVE-2020-1326
CVE-2020-1416
CVE-2020-1481

Impacts:

ACE

Related products:

Microsoft .NET Framework

CVE-IDS:

CVE-2020-13934.6Warning
CVE-2020-11476.8High
CVE-2020-13263.5Warning
CVE-2020-14169.3Critical
CVE-2020-14819.3Critical

KB list:

4566468
4566469
4566466
4566467
4567703
4579980
4578974
4578972
4578971
4579977
4579978
4579979
4578968
4578969
4580328
4579976
4580330
4580327
4580346
4578963

Microsoft official advisories:

References

Related

nessus 29
cve 6
prion 6
mscve 5
osv 3
veracode 2
zdt 3
cisa_kev 1
mskb 42
packetstorm 3
openvas 24
attackerkb 1
oraclelinux 2
redhat 6
checkpoint_advisories 1
redhatcve 1
github 1
kaspersky 3
altlinux 8
githubexploit 2
qualysblog 2
avleonov 1
nessus
nessus
Security Updates for Microsoft Visual Studio Products (July 2020)
2020-07-14 00:00:00
Security Updates for Microsoft Team Foundation Server and Azure DevOps Server (July 2020)
2020-07-14 00:00:00
Security Update for Microsoft Visual Studio Code (CVE-2020-1416)
2020-07-14 00:00:00
cve
cve
CVE-2020-1326
2020-07-14 23:15:00
CVE-2020-1416
2020-07-14 23:15:00
CVE-2020-1481
2020-07-14 23:15:00
prion
prion
Cross site scripting
2020-07-14 23:15:00
Privilege escalation
2020-07-14 23:15:00
Remote code execution
2020-07-14 23:15:00
mscve
mscve
Visual Studio and Visual Studio Code Elevation of Privilege Vulnerability
2020-07-14 07:00:00
Azure DevOps Server Cross-site Scripting Vulnerability
2020-07-14 07:00:00
Visual Studio Code ESLint Extension Remote Code Execution Vulnerability
2020-07-14 07:00:00
osv
osv
CVE-2020-1416
2020-07-14 23:15:17
CVE-2020-1147
2020-07-14 23:15:12
.NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability
2022-05-24 17:22:57
veracode
veracode
Remote Code Execution (RCE)
2020-07-16 06:42:13
Remote Code Execution (RCE)
2020-07-16 02:45:18
zdt
zdt
Microsoft SharePoint Server 2019 - Remote Code Execution Exploit
2020-08-18 00:00:00
SharePoint DataSet / DataTable Deserialization Exploit
2020-08-01 00:00:00
Microsoft SharePoint Server 2019 - Remote Code Execution Exploit (2)
2021-07-23 00:00:00
cisa_kev
cisa_kev
Microsoft .NET Framework, SharePoint, and Visual Studio Remote Code Execution Vulnerability
2021-11-03 00:00:00
mskb
mskb
Security Only Update for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Server 2012 (KB4566467)
2020-07-14 07:00:00
Security and Quality Rollup for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows 7 SP1 and Windows Server 2008 R2 SP1 (KB4566517)
2020-07-23 00:00:00
Security Only Update for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows 8.1 and Windows Server 2012 R2 (KB4566468)
2020-07-14 07:00:00
packetstorm
packetstorm
Microsoft SharePoint Server 2019 Remote Code Execution
2020-08-17 00:00:00
SharePoint DataSet / DataTable Deserialization
2020-07-31 00:00:00
Microsoft SharePoint Server 2019 Remote Code Execution
2021-07-23 00:00:00
openvas
openvas
Microsoft .NET Framework Remote Code Execution Vulnerability (KB4565627)
2020-07-15 00:00:00
Microsoft .NET Framework Remote Code Execution Vulnerability (KB4565633)
2020-07-15 00:00:00
Microsoft .NET Framework Remote Code Execution Vulnerability (KB4565630)
2020-07-15 00:00:00
attackerkb
attackerkb
CVE-2020-1147
2020-07-14 00:00:00
oraclelinux
oraclelinux
.NET Core security and bugfix update
2020-07-16 00:00:00
.NET Core 3.1 security and bugfix update
2020-07-17 00:00:00
redhat
redhat
(RHSA-2020:2937) Critical: .NET Core 2.1 on Red Hat Enterprise Linux security and bugfix update
2020-07-15 10:49:26
(RHSA-2020:2954) Critical: .NET Core 3.1 security and bugfix update
2020-07-15 14:17:56
(RHSA-2020:2988) Critical: .NET Core security and bugfix update
2020-07-16 19:08:29
checkpoint_advisories
checkpoint_advisories
Microsoft Windows Multiple Products Remote Code Execution (CVE-2020-1147)
2020-07-14 00:00:00
redhatcve
redhatcve
CVE-2020-1147
2020-07-14 18:14:49
github
github
.NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability
2022-05-24 17:22:57
kaspersky
kaspersky
KLA11861 Multiple vulnerabilities in Microsoft Products (OSS)
2020-07-14 00:00:00
KLA11864 Multiple vulnerabilities in Microsoft Office
2020-07-14 00:00:00
KLA11865 Multiple vulnerabilities in Microsoft Windows
2020-07-14 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 9 package dotnet-bootstrap-5.0 version 3.1.6-alt1
2020-08-02 00:00:00
Security fix for the ALT Linux 10 package dotnet-bootstrap-5.0 version 3.1.6-alt1
2020-08-02 00:00:00
Security fix for the ALT Linux 10 package dotnet-bootstrap-6.0 version 3.1.6-alt1
2020-08-02 00:00:00
githubexploit
githubexploit
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Atlassian Data Center
2021-02-05 07:48:19
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Atlassian Data Center
2020-10-26 17:07:28
qualysblog
qualysblog
July 2020 Patch Tuesday – 123 Vulnerabilities, 18 Critical, Hyper-V RemoteFX, DNS Server, Workstation, Adobe
2020-07-14 18:58:08
Managing CISA Known Exploited Vulnerabilities with Qualys VMDR
2022-02-23 05:39:00
avleonov
avleonov
Microsoft Patch Tuesday July 2020: my new open source project Vulristics, DNS SIGRed, RDP Client and SharePoint
2020-08-02 04:05:22

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.843 High

EPSS

Percentile

98.4%

JSON
Related for KLA11859
nessus29cve6prion6mscve5osv3veracode2zdt3cisa_kev1mskb42packetstorm3openvas24attackerkb1oraclelinux2redhat6checkpoint_advisories1redhatcve1github1kaspersky3altlinux8githubexploit2qualysblog2avleonov1