Test ID:	1.3.6.1.4.1.25623.1.0.832630
Category:	Windows
Title:	.NET Core Multiple Vulnerabilities - Windows
Summary:	.NET Core is prone to multiple vulnerabilities.
Description:	Summary: .NET Core is prone to multiple vulnerabilities. Vulnerability Insight: Multiple flaws exist due to: - A security feature bypass vulnerability exists in ASP.NET where an unauthenticated user is able to bypass validation on Blazor server forms which could trigger unintended actions. - An elevation of privilege vulnerability exists in .NET where untrusted URIs provided to System.Net.WebRequest.Create can be used to inject arbitrary commands to backend FTP servers. Vulnerability Impact: Successful exploitation will allow an attacker to bypass security restrictions and elevate privileges on an affected system. Affected Software/OS: .NET Core runtime 7.0 before 7.0.14, 6.0 before 6.0.25, 8.0 before 8.0.0 and .NET Core SDK before 7.0.114, 6.0.317, 8.0.100. Solution: Upgrade .NET Core runtimes to versions 7.0.14 or 6.0.25 or 8.0.0 or later or upgrade .NET Core SDK to versions 6.0.317 or 7.0.114 or 8.0.100 or later. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2023-36049 .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36049 Common Vulnerability Exposure (CVE) ID: CVE-2023-36558 ASP.NET Core - Security Feature Bypass Vulnerability https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36558
Copyright	Copyright (C) 2023 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.