CVE-2018-8356
Improper Certificate Validation in Microsoft .NET Framework components
Description
A security feature bypass vulnerability exists when Microsoft .NET Framework components do not correctly validate certificates, aka ".NET Framework Security Feature Bypass Vulnerability." This affects .NET Framework 4.7.2, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, ASP.NET Core 1.1, Microsoft .NET Framework 4.5.2, ASP.NET Core 2.0, ASP.NET Core 1.0, .NET Core 1.1, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, .NET Core 1.0, .NET Core 2.0, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.2.
How to fix CVE-2018-8356
To remediate CVE-2018-8356, upgrade the affected package to a fixed version below.
- —upgrade to 4.1.3 or later
- —upgrade to 4.3.3 or later
- —upgrade to 4.3.3 or later
- —upgrade to 4.3.3 or later
- —upgrade to 4.3.3 or later
- —upgrade to 4.3.3 or later
Is CVE-2018-8356 being exploited?
Low — EPSS is 0.2%, meaning exploitation activity has not been observed at scale.
Affected packages (6)
- >= 4.0.0, < 4.1.3
- >= 4.3.0, < 4.3.3
- >= 4.3.0, < 4.3.3
- >= 4.3.0, < 4.3.3
- >= 4.3.0, < 4.3.3
- >= 4.3.0, < 4.3.3
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM5.5 | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N |