nessus — This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof. — SMB_NT_MS21_JAN_DOTNET_CORE_SDK.NASL
HistoryJan 18, 2021 - 12:00 a.m.

Security Update for .NET Core SDK (January 2021)

2021-01-18 00:00:00
This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
18

The Microsoft .NET Core SDK installation on the remote host is version 3.1.x prior to 3.1.111, 3.1.2xx prior to 3.1.405, or 5.x prior to 5.0.102. It is, therefore, affected by a denial of service (DoS) vulnerability in the way Kestrel parses HTTP/2 requests. An unauthenticated, remote attacker can exploit this issue by sending specially crafted requests to the .NET Core application, causing a DoS condition.

##
# (C) Tenable Network Security, Inc.
##

include('compat.inc');

# Plugin registration branch: taken only when `description` is set. It contains
# nothing but script_* metadata calls and ends with exit(0), so none of the
# detection logic below this block runs on this path.
if (description)
{
  script_id(145039);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/12/07");

  # Single CVE covered by this plugin; the CVSS score source below points at the same id.
  script_cve_id("CVE-2021-1723");
  script_xref(name:"CEA-ID", value:"CEA-2021-0001");

  script_name(english:"Security Update for .NET Core SDK (January 2021)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Windows host is affected by a .NET Core SDK denial of service (DoS) vulnerability.");
  script_set_attribute(attribute:"description", value:
"The Microsoft .NET Core SDK installation on the remote host is version 3.1.x prior to 3.1.111, 3.1.2xx prior to
3.1.405, or 5.x prior to 5.0.102. It is, therefore, affected by a denial of service (DoS) vulnerability in the way
Kestrel parses HTTP/2 requests. An unauthenticated, remote attacker can exploit this issue, by sending a specially
crafted requests to the .NET Core application, to cause a DoS condition.");
  script_set_attribute(attribute:"see_also", value:"https://dotnet.microsoft.com/download/dotnet-core/3.1");
  script_set_attribute(attribute:"see_also", value:"https://dotnet.microsoft.com/download/dotnet/5.0");
  script_set_attribute(attribute:"see_also", value:"https://github.com/dotnet/announcements/issues/171");
  # Presumably the target of the shortened nessus.org link on the next line:
  # https://msrc.microsoft.com/update-guide/en-us/vulnerability/CVE-2021-1723
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?9175240f");
  # Remediation is more than a version bump: the text also asks for removal of
  # vulnerable packages and points to the vendor advisory for the details.
  script_set_attribute(attribute:"solution", value:
"Update .NET Core SDK, remove vulnerable packages and refer to vendor advisory.");
  # Both base vectors describe a network-reachable, low-complexity issue that needs
  # no authentication/privileges and affects availability only (C:N/I:N).
  # CVSS v2 rates the availability impact Partial (A:P); CVSS v3 rates it High (A:H).
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  # Temporal metrics: exploit unproven (E:U), official fix available, report confirmed.
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-1723");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  # Disclosure and patch share the same date; the plugin followed six days later.
  script_set_attribute(attribute:"vuln_publication_date", value:"2021/01/12");
  script_set_attribute(attribute:"patch_publication_date", value:"2021/01/12");
  script_set_attribute(attribute:"plugin_publication_date", value:"2021/01/18");

  # Marked as a *potential* vulnerability: together with the Settings/ParanoidReport
  # key required below, this signals that a hit is not a confirmed exposure and
  # should be triaged before it is treated as one.
  script_set_attribute(attribute:"potential_vulnerability", value:"true");
  # "local" plugin type: the result comes from data gathered on the host itself,
  # not from probing the Kestrel HTTP/2 endpoint over the network.
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:.net_core");
  script_end_attributes();

  # Information-gathering category, filed under the Windows plugin family.
  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");

  # Depends on the SDK detection plugin; presumably that plugin is what populates
  # the "installed_sw/.NET Core SDK Windows" key required here -- confirm against it.
  script_dependencies("microsoft_dotnet_core_sdk_win.nbin");
  script_require_keys("installed_sw/.NET Core SDK Windows", "Settings/ParanoidReport");

  # Registration only: stop here so the check below is not executed in this mode.
  exit(0);
}

include('vcf.inc');

# The finding is version-based only, so it is reported solely when the scan runs
# with paranoid reporting (level 2 or higher); otherwise the plugin audits out.
# NOTE(review): the solution text mentions removing vulnerable packages, which
# suggests an installed SDK version alone does not prove exposure -- confirm.
if (report_paranoia < 2)
{
  audit(AUDIT_PARANOID);
}

# Fetch the locally collected install record for the SDK (Windows local check).
sdk_install = vcf::get_app_info(app:'.NET Core SDK Windows', win_local:TRUE);

# Affected ranges, one per SDK line named in the plugin description:
#   3.1     up to (not including) 3.1.111
#   3.1.200 up to (not including) 3.1.405
#   5.0     up to (not including) 5.0.102
# Versions from 3.1.111 up to (not including) 3.1.200 fall between the first
# two entries and match none of them.
# NOTE(review): assumes vcf treats min_version as inclusive and fixed_version
# as exclusive -- confirm against vcf.inc.
vuln_ranges = [
  { 'min_version' : '3.1',     'fixed_version' : '3.1.111' },
  { 'min_version' : '3.1.200', 'fixed_version' : '3.1.405' },
  { 'min_version' : '5.0',     'fixed_version' : '5.0.102' },
];

# Compare the installed version against the ranges and report at warning severity.
vcf::check_version_and_report(
  app_info:sdk_install,
  constraints:vuln_ranges,
  severity:SECURITY_WARNING
);
Vendor: microsoft
Product: .net_core