CVE-2017-0248

EUVD-2018-0579
Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to bypass Enhanced Security Usage taggings when they present a certificate that is invalid for a specific use, aka ".NET Security Feature Bypass Vulnerability."
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 77%
Affected Products (NVD)
VendorProductVersion
microsoft.net_framework
2.0:sp2
microsoft.net_framework
3.5
microsoft.net_framework
3.5.1
microsoft.net_framework
4.5.2
microsoft.net_framework
4.6
microsoft.net_framework
4.6.1
microsoft.net_framework
4.6.2
microsoft.net_framework
4.7
𝑥
= Vulnerable software versions
Windows Releases
Platform
Version
Windows 10
(x64, x86)
KB4019474
1511 (x64, x86)
KB4019473
1607 (x64, x86)
KB4019472
1703 (x64, x86)
KB4016871
Windows 7
Service Pack 1 (x64, x86)
KB4019112
Windows 8.1
(x64, x86)
KB4019114
Windows RT 8.1
All
KB4019114
Windows Server 2008
Service Pack 2 (x64, x86)
KB4019115
Windows Server 2008 R2
Service Pack 1 (x64)
KB4019112
Service Pack 1 Server Core (x64)
KB4019112
Windows Server 2012
Server Core
KB4019113
Standard
KB4019113
Windows Server 2012 R2
Server Core
KB4019114
Standard
KB4019114
Windows Server 2016
Server Core
KB4019472
Standard
KB4019472
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/98117
http://www.securitytracker.com/id/1038458
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0248
http://www.securityfocus.com/bid/98117
http://www.securitytracker.com/id/1038458
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0248