Security Updates for Microsoft .NET Framework (August 2020)

high Nessus Plugin ID 139598

Synopsis

The Microsoft .NET Framework installation on the remote host is affected by multiple vulnerabilities.

Description

The Microsoft .NET Framework installation on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities :

- An elevation of privilege vulnerability exists when ASP.NET or .NET web applications running on IIS improperly allow access to cached files. An attacker who successfully exploited this vulnerability could gain access to restricted files. (CVE-2020-1476)

- A remote code execution vulnerability exists when Microsoft .NET Framework processes input. An attacker who successfully exploited this vulnerability could take control of an affected system. (CVE-2020-1046)

Solution

Microsoft has released security updates for Microsoft .NET Framework.

See Also

http://www.nessus.org/u?19866103

http://www.nessus.org/u?c3c857b4

http://www.nessus.org/u?27215a0a

http://www.nessus.org/u?1f113aae

http://www.nessus.org/u?5a5cf10b

http://www.nessus.org/u?481aa152

http://www.nessus.org/u?af841f22

http://www.nessus.org/u?9371bc74

https://support.microsoft.com/en-us/help/4570506/kb4570506

https://support.microsoft.com/en-us/help/4570507/kb4570507

http://www.nessus.org/u?1446acfc

http://www.nessus.org/u?4b0beccb

https://support.microsoft.com/en-us/help/4570502/kb4570502

https://support.microsoft.com/en-us/help/4570503/kb4570503

https://support.microsoft.com/en-us/help/4570500/kb4570500

https://support.microsoft.com/en-us/help/4570501/kb4570501

https://support.microsoft.com/en-us/help/4570508/kb4570508

https://support.microsoft.com/en-us/help/4570509/kb4570509

Plugin Details

Severity: High

ID: 139598

File Name: smb_nt_ms20_aug_dotnet.nasl

Version: 1.5

Type: local

Agent: windows

Published: 8/14/2020

Updated: 6/11/2021

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 6.9

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: E:U/RL:OF/RC:C

CVSS Score Source: CVE-2020-1046

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 6.8

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:microsoft:.net_framework

Required KB Items: SMB/MS_Bulletin_Checks/Possible

Exploit Ease: No known exploits are available

Patch Publication Date: 8/12/2020

Vulnerability Publication Date: 8/12/2020

Reference Information

CVE: CVE-2020-1046, CVE-2020-1476

MSKB: 4569751, 4571709, 4569748, 4569749, 4569746, 4571692, 4569745, 4571741, 4570506, 4570507, 4571694, 4570505, 4570502, 4570503, 4570500, 4570501, 4570508, 4570509

MSFT: MS20-4569751, MS20-4571709, MS20-4569748, MS20-4569749, MS20-4569746, MS20-4571692, MS20-4569745, MS20-4571741, MS20-4570506, MS20-4570507, MS20-4571694, MS20-4570505, MS20-4570502, MS20-4570503, MS20-4570500, MS20-4570501, MS20-4570508, MS20-4570509

IAVA: 2020-A-0368-S