Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
kasperskyKaspersky LabKLA12073
HistoryFeb 09, 2021 - 12:00 a.m.

KLA12073 Multiple vulnerabilities in Microsoft Developer Tools

2021-02-0900:00:00
Kaspersky Lab
threats.kaspersky.com
31

8.4 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.101 Low

EPSS

Percentile

94.8%

JSON

Detect date:

02/09/2021

Severity:

Critical

Description:

Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges, cause denial of service.

Exploitation:

Public exploits exist for this vulnerability.

Affected products:

.NET Core 2.1
Microsoft Visual Studio 2019 version 16.8
Visual Studio Code
Microsoft Visual Studio 2019 version 16.7 (includes 16.0 – 16.6)
Microsoft .NET Framework 4.7.2
.NET Core 3.1
Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)
Visual Studio Code - npm-script Extension
Microsoft .NET Framework 4.6
.NET 5.0
PsExec
Package Manager Configurations
Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2
Microsoft .NET Framework 4.8
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2

Solution:

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories:

CVE-2021-26701
CVE-2021-1639
CVE-2021-1733
CVE-2021-1721
CVE-2021-24105
CVE-2021-26700
CVE-2021-24111
CVE-2021-24112

Impacts:

ACE

Related products:

Microsoft .NET Framework

CVE-IDS:

CVE-2021-267018.1Critical
CVE-2021-16397.0High
CVE-2021-17337.8Critical
CVE-2021-17216.5High
CVE-2021-241058.4Critical
CVE-2021-267007.8Critical
CVE-2021-241117.5Critical
CVE-2021-241128.1Critical

KB list:

4601354
4601318
4602960
4601056
4603002
4601050
4603004
4602961
4602959
4603003
4601051
4601887
4601054
4602958
4603005

Microsoft official advisories:

References

Related

nessus 43
github 4
osv 15
altlinux 25
openvas 16
fedora 10
archlinux 6
cve 9
mskb 14
prion 9
mscve 8
redhatcve 4
ibm 4
redhat 12
oraclelinux 6
githubexploit 2
thn 1
paloalto 1
almalinux 3
veracode 2
malwarebytes 1
alpinelinux 1
ubuntucve 1
debiancve 1
threatpost 1
nessus
nessus
Fedora 33 : dotnet5.0 (2021-b881ee9839)
2021-02-22 00:00:00
Fedora 33 : dotnet3.1 (2021-c3d7fc8949)
2021-02-25 00:00:00
Fedora 32 : dotnet5.0 (2021-56e894d5ca)
2021-02-25 00:00:00
github
github
.NET Core Remote Code Execution Vulnerability
2022-05-24 17:43:19
.NET Core Remote Code Execution Vulnerability
2021-04-21 19:38:01
Remote code execution in vscode-npm-script
2022-05-24 17:43:20
osv
osv
.NET Core Remote Code Execution Vulnerability
2021-04-21 19:38:01
.NET Core Remote Code Execution Vulnerability
2022-05-24 17:43:19
BIT-dotnet-sdk-2021-26701
2024-03-06 11:00:00
altlinux
altlinux
Security fix for the ALT Linux 9 package dotnet-aspnetcore-5.0 version 5.0.3-alt1
2021-02-18 00:00:00
Security fix for the ALT Linux 9 package dotnet-coreclr-2.1 version 2.1.25-alt1
2021-03-01 00:00:00
Security fix for the ALT Linux 10 package dotnet-bootstrap-7.0 version 6.0.0.preview.1-alt1
2021-02-23 00:00:00
openvas
openvas
Fedora: Security Advisory for dotnet5.0 (FEDORA-2021-56e894d5ca)
2021-02-25 00:00:00
Fedora: Security Advisory for dotnet5.0 (FEDORA-2021-b881ee9839)
2021-02-21 00:00:00
Fedora: Security Advisory for dotnet3.1 (FEDORA-2021-c3d7fc8949)
2021-02-25 00:00:00
fedora
fedora
[SECURITY] Fedora 33 Update: dotnet5.0-5.0.103-1.fc33
2021-02-21 01:20:39
[SECURITY] Fedora 32 Update: dotnet5.0-5.0.103-1.fc32
2021-02-24 20:47:25
[SECURITY] Fedora 33 Update: dotnet3.1-3.1.112-1.fc33
2021-02-24 20:43:16
archlinux
archlinux
[ASA-202103-17] dotnet-sdk: multiple issues
2021-03-25 00:00:00
[ASA-202103-16] dotnet-runtime: multiple issues
2021-03-25 00:00:00
[ASA-202103-23] dotnet-sdk-3.1: arbitrary code execution
2021-03-25 00:00:00
cve
cve
CVE-2021-24111
2021-02-25 23:15:00
CVE-2021-24105
2021-02-25 23:15:00
CVE-2021-26701
2021-02-25 23:15:00
mskb
mskb
February 9, 2021-KB4601052 Cumulative Update for .NET Framework 4.8 for Windows 10 Version 1703
2000-01-01 00:00:00
February 9, 2021-KB4601050 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 10, version 2004, Windows Server, version 2004, Windows 10, version 20H2, and Windows Server, version 20H2
2021-02-09 08:00:00
Security Only Update for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows 7 SP1 and Windows Server 2008 R2 SP1 (KB4602958)
2021-02-09 08:00:00
prion
prion
Remote code execution
2021-02-25 23:15:00
Denial of service
2021-02-25 23:15:00
Remote code execution
2021-02-25 23:15:00
mscve
mscve
Package Managers Configurations Remote Code Execution Vulnerability
2021-02-09 08:00:00
.NET Framework Denial of Service Vulnerability
2021-02-09 08:00:00
.NET Core Remote Code Execution Vulnerability
2021-02-09 08:00:00
redhatcve
redhatcve
CVE-2021-24112
2021-03-01 15:38:56
CVE-2021-24111
2021-03-01 16:03:32
CVE-2021-26701
2021-03-01 15:40:09
ibm
ibm
Security Bulletin: Vulnerability in Microsoft .NET Core and Visual Studio affects IBM Process Mining . CVE-2021-26701
2023-02-01 20:04:18
Security Bulletin: Vulnerability of System.Text.Encodings.Web.4.5.0 .dll has afftected to .NET Agent
2023-07-11 11:31:57
Security Bulletin: Vulnerabilty in the .NET Core Framework may affect IBM Robotic Process Automation and could allow an attacker to remotely execute arbitrary code.
2023-01-04 20:16:40
redhat
redhat
(RHSA-2021:0793) Important: .NET Core on RHEL 8 security and bugfix update
2021-03-09 20:33:04
(RHSA-2021:0788) Important: dotnet security and bugfix update
2021-03-09 19:44:45
(RHSA-2021:0790) Important: dotnet3.1 security and bugfix update
2021-03-09 19:46:05
oraclelinux
oraclelinux
dotnet security and bugfix update
2021-03-10 00:00:00
dotnet3.1 security and bugfix update
2021-03-10 00:00:00
.NET Core on OL 8 security and bugfix update
2021-03-11 00:00:00
githubexploit
githubexploit
Exploit for Vulnerability in Microsoft
2021-02-14 14:01:04
Exploit for Vulnerability in Microsoft
2023-03-16 14:49:28
thn
thn
Microsoft Urges Azure Users to Update PowerShell to Patch RCE Flaw
2021-07-05 06:42:00
paloalto
paloalto
Informational: Impact of Microsoft PowerShell Vulnerability CVE-2021-26701 on Cortex XSOAR
2021-08-11 16:00:00
almalinux
almalinux
Important: dotnet security and bugfix update
2021-03-09 19:44:45
Important: .NET Core on RHEL 8 security and bugfix update
2021-03-09 20:33:04
Important: dotnet3.1 security and bugfix update
2021-03-09 19:46:05
veracode
veracode
Remote Code Execution
2021-04-14 03:10:39
Remote Code Execution (RCE)
2023-05-26 05:48:32
malwarebytes
malwarebytes
Big Patch Tuesday: Microsoft and Adobe fix in-the-wild exploits
2021-02-10 17:26:33
alpinelinux
alpinelinux
CVE-2020-36327
2021-04-29 03:15:00
ubuntucve
ubuntucve
CVE-2020-36327
2021-04-29 00:00:00
debiancve
debiancve
CVE-2020-36327
2021-04-29 03:15:00
threatpost
threatpost
Actively Exploited Windows Kernel Bug Allows Takeover
2021-02-09 22:33:08

8.4 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.101 Low

EPSS

Percentile

94.8%

JSON
Related for KLA12073
nessus43github4osv15altlinux25openvas16fedora10archlinux6cve9mskb14prion9mscve8redhatcve4ibm4redhat12oraclelinux6githubexploit2thn1paloalto1almalinux3veracode2malwarebytes1alpinelinux1ubuntucve1debiancve1threatpost1