Description
Weak authentication in EOL ASP.NET Core allows an unauthorized attacker to elevate privileges over a network. NOTE: This CVE affects only End Of Life (EOL) software components. The vendor, Microsoft, has indicated there will be no future updates nor support provided upon inquiry.
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
High
Affected products
- Microsoft / ASP.NET Core 6.0>=6.0.0 – 6.0.36
- Microsoft / Microsoft.AspNetCore.App.Runtime.linux-arm>=6.0.0 – 6.0.36
- Microsoft / Microsoft.AspNetCore.App.Runtime.linux-arm64>=6.0.0 – 6.0.36
- Microsoft / Microsoft.AspNetCore.App.Runtime.linux-musl-arm>=6.0.0 – 6.0.36
- Microsoft / Microsoft.AspNetCore.App.Runtime.linux-musl-arm64>=6.0.0 – 6.0.36
- Microsoft / Microsoft.AspNetCore.App.Runtime.linux-musl-x64>=6.0.0 – 6.0.36
- Microsoft / Microsoft.AspNetCore.App.Runtime.linux-x64>=6.0.0 – 6.0.36
- Microsoft / Microsoft.AspNetCore.App.Runtime.osx-arm64>=6.0.0 – 6.0.36
- Microsoft / Microsoft.AspNetCore.App.Runtime.osx-x64>=6.0.0 – 6.0.36
- Microsoft / Microsoft.AspNetCore.App.Runtime.win-arm>=6.0.0 – 6.0.36
- Microsoft / Microsoft.AspNetCore.App.Runtime.win-arm64>=6.0.0 – 6.0.36
- Microsoft / Microsoft.AspNetCore.App.Runtime.win-x64>=6.0.0 – 6.0.36
- Microsoft / Microsoft.AspNetCore.App.Runtime.win-x86>=6.0.0 – 6.0.36
- Microsoft / Microsoft.AspNetCore.Identity>=6.0.0 – 6.0.36
Updated 52m ago · 2 sources