Detections
Analytics
Security Update for Microsoft ASP.NET Core (November 2023) (CVE-2023-36558)
medium Nessus Plugin ID 185884
Language:
Synopsis
The remote Windows host is affected by a ASP.NET Core vulnerabilityDescription
The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by security feature bypass vulnerability as referenced in the vendor advisory.- ASP.NET Core - Security Feature Bypass Vulnerability (CVE-2023-36558)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Update .NET Core, remove vulnerable packages and refer to vendor advisory.See Also
https://dotnet.microsoft.com/download/dotnet/6.0
https://dotnet.microsoft.com/en-us/download/dotnet/7.0
https://dotnet.microsoft.com/en-us/download/dotnet/8.0
https://github.com/dotnet/announcements/issues/288
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36558
https://support.microsoft.com/help/5032883
https://support.microsoft.com/help/5032884
http://www.nessus.org/u?aac42578
Plugin Details
Severity: Medium
ID: 185884
File Name: smb_nt_ms23_nov_aspdotnet_core_cve-2023-36558.nasl
Version: 1.6
Type: local
Agent: windows
Family: Windows : Microsoft Bulletins
Published: 11/16/2023
Updated: 2/16/2024
Supported Sensors: Frictionless Assessment Agent, Nessus
Risk Information
VPR
Risk Factor: Low
Score: 3.6
CVSS v2
Risk Factor: Medium
Base Score: 4.6
Temporal Score: 3.4
Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:N/A:N
CVSS Score Source: CVE-2023-36558
CVSS v3
Risk Factor: Medium
Base Score: 5.5
Temporal Score: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: cpe:/a:microsoft:asp.net_core
Required KB Items: installed_sw/ASP .NET Core Windows
Exploit Ease: No known exploits are available
Patch Publication Date: 11/14/2023
Vulnerability Publication Date: 11/14/2023
Reference Information
CVE: CVE-2023-36558
IAVA: 2023-A-0617-S