CVE-2021-26701

.NET Core Remote Code Execution Vulnerability
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.1 HIGH
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 86%
Affected Products (NVD)
VendorProductVersion
microsoft.net
5.0 ≤
𝑥
< 5.0.4
microsoft.net_core
2.1 ≤
𝑥
< 2.1.28
microsoft.net_core
3.1 ≤
𝑥
< 3.1.15
microsoftpowershell_core
7.0
microsoftpowershell_core
7.1
microsoftvisual_studio_2019
16.0 ≤
𝑥
≤ 16.9
microsoftvisual_studio_2019
-
𝑥
= Vulnerable software versions
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
aspnetcore-runtime-3.1
RHEL 8
0:3.1.13-1.el8_3
fixed
aspnetcore-runtime-5.0
RHEL 8
0:5.0.4-1.el8_3
fixed
aspnetcore-targeting-pack-3.1
RHEL 8
0:3.1.13-1.el8_3
fixed
aspnetcore-targeting-pack-5.0
RHEL 8
0:5.0.4-1.el8_3
fixed
dotnet
RHEL 8
0:5.0.104-1.el8_3
fixed
dotnet-apphost-pack-3.1
RHEL 8
0:3.1.13-1.el8_3
fixed
dotnet-apphost-pack-5.0
RHEL 8
0:5.0.4-1.el8_3
fixed
dotnet-host
RHEL 8
0:5.0.4-1.el8_3
fixed
dotnet-host-fxr-2.1
RHEL 8
0:2.1.26-1.el8_3
fixed
dotnet-hostfxr-3.1
RHEL 8
0:3.1.13-1.el8_3
fixed
dotnet-hostfxr-5.0
RHEL 8
0:5.0.4-1.el8_3
fixed
dotnet-runtime-2.1
RHEL 8
0:2.1.26-1.el8_3
fixed
dotnet-runtime-3.1
RHEL 8
0:3.1.13-1.el8_3
fixed
dotnet-runtime-5.0
RHEL 8
0:5.0.4-1.el8_3
fixed
dotnet-sdk-2.1
RHEL 8
0:2.1.522-1.el8_3
fixed
dotnet-sdk-2.1.5xx
RHEL 8
0:2.1.522-1.el8_3
fixed
dotnet-sdk-3.1
RHEL 8
0:3.1.113-1.el8_3
fixed
dotnet-sdk-5.0
RHEL 8
0:5.0.104-1.el8_3
fixed
dotnet-targeting-pack-3.1
RHEL 8
0:3.1.13-1.el8_3
fixed
dotnet-targeting-pack-5.0
RHEL 8
0:5.0.4-1.el8_3
fixed
dotnet-templates-3.1
RHEL 8
0:3.1.113-1.el8_3
fixed
dotnet-templates-5.0
RHEL 8
0:5.0.104-1.el8_3
fixed
netstandard-targeting-pack-2.1
RHEL 8
0:5.0.104-1.el8_3
fixed
References
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S2AZOUKMCHT2WBHR7MYDTYXWOBHZW5P5/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TW3ZSJTTMZAFKGW7NJWTVVFZUYYU2SJZ/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UBOSSX7U6BSHV5RI74FCOW4ITJ5RRJR5/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WA5WQJVHUL5C4XMJTLY3C67R4WP35EF4/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XPUKFHIGP5YNJRRFWKDJ2XRS4WTFJNNK/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YLFATXASXW4OV2ZBSRP4G55HJH73QPBP/
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26701
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S2AZOUKMCHT2WBHR7MYDTYXWOBHZW5P5/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TW3ZSJTTMZAFKGW7NJWTVVFZUYYU2SJZ/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UBOSSX7U6BSHV5RI74FCOW4ITJ5RRJR5/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WA5WQJVHUL5C4XMJTLY3C67R4WP35EF4/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XPUKFHIGP5YNJRRFWKDJ2XRS4WTFJNNK/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YLFATXASXW4OV2ZBSRP4G55HJH73QPBP/
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26701