CVE-2020-0603
Description
A remote code execution vulnerability exists in ASP.NET Core software when the software fails to handle objects in memory.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka ASP.NET Core Remote Code Execution Vulnerability.
Risk Information
Base Score
8.8
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
10.943
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2020-0602,CVE-2020-0603 are fixed in Nuget - Microsoft.AspNetCore.App 3.1.1 | Windows |
| Vulnerabilities CVE-2020-0602,CVE-2020-0603 are fixed in Nuget - Microsoft.AspNetCore.App 3.0.1 | Windows |
| Vulnerabilities CVE-2020-0602,CVE-2020-0603 are fixed in Nuget - Microsoft.AspNetCore.App 2.1.15 | Windows |
| Vulnerabilities CVE-2020-0602,CVE-2020-0603 are fixed in Nuget - Microsoft.AspNetCore.Http.Connections 1.0.15 | Windows |
| Vulnerabilities CVE-2020-0602,CVE-2020-0603 are fixed in Nuget-Microsoft.AspNetCore.App.Runtime.win-arm 3.1.1 | Windows |
| Vulnerabilities CVE-2020-0602,CVE-2020-0603 are fixed in Nuget-Microsoft.AspNetCore.All 2.1.15 | Windows |
| Vulnerabilities CVE-2020-0602,CVE-2020-0603 are fixed in Nuget-Microsoft.AspNetCore.App.Runtime.linux-arm 3.1.1 | Windows |
| Vulnerabilities CVE-2020-0602,CVE-2020-0603 are fixed in Nuget - Microsoft.AspNetCore.App.Runtime.linux-arm64 3.1.1 | Windows |
| Vulnerabilities CVE-2020-0602,CVE-2020-0603 are fixed in Nuget - Microsoft.AspNetCore.App.Runtime.linux-musl-x64 3.1.1 | Windows |
| Vulnerabilities CVE-2020-0602,CVE-2020-0603 are fixed in Nuget - Microsoft.AspNetCore.App.Runtime.linux-x64 3.1.1 | Windows |
| Vulnerabilities CVE-2020-0602,CVE-2020-0603 are fixed in Nuget - Microsoft.AspNetCore.App.Runtime.osx-x64 3.1.1 | Windows |
| Vulnerabilities CVE-2020-0602,CVE-2020-0603 are fixed in Nuget - Microsoft.AspNetCore.App.Runtime.win-x64 3.1.1 | Windows |
| Vulnerabilities CVE-2020-0602,CVE-2020-0603 are fixed in Nuget - Microsoft.AspNetCore.App.Runtime.win-x86 3.1.1 | Windows |
| Vulnerabilities CVE-2020-0603 are fixed in Nuget - Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 3.1.1 | Windows |
| (RHSA-2020:0130) .NET Core on Red Hat Enterprise Linux security and bug fix update aspnetcore-runtime-3.0-3.0.2-2.el8_1.x86_64.rpm | Linux |
| (RHSA-2020:0130) .NET Core on Red Hat Enterprise Linux security and bug fix update aspnetcore-targeting-pack-3.0-3.0.2-2.el8_1.x86_64.rpm | Linux |
| (RHSA-2020:0130) .NET Core on Red Hat Enterprise Linux security and bug fix update dotnet-3.0.102-2.el8_1.x86_64.rpm | Linux |
| (RHSA-2020:0130) .NET Core on Red Hat Enterprise Linux security and bug fix update dotnet-apphost-pack-3.0-3.0.2-2.el8_1.x86_64.rpm | Linux |
| (RHSA-2020:0130) .NET Core on Red Hat Enterprise Linux security and bug fix update dotnet-host-3.0.2-2.el8_1.x86_64.rpm | Linux |
| (RHSA-2020:0130) .NET Core on Red Hat Enterprise Linux security and bug fix update dotnet-hostfxr-3.0-3.0.2-2.el8_1.x86_64.rpm | Linux |
| (RHSA-2020:0130) .NET Core on Red Hat Enterprise Linux security and bug fix update dotnet-runtime-3.0-3.0.2-2.el8_1.x86_64.rpm | Linux |
| (RHSA-2020:0130) .NET Core on Red Hat Enterprise Linux security and bug fix update dotnet-sdk-3.0-3.0.102-2.el8_1.x86_64.rpm | Linux |
| (RHSA-2020:0130) .NET Core on Red Hat Enterprise Linux security and bug fix update dotnet-targeting-pack-3.0-3.0.2-2.el8_1.x86_64.rpm | Linux |
| (RHSA-2020:0130) .NET Core on Red Hat Enterprise Linux security and bug fix update dotnet-templates-3.0-3.0.102-2.el8_1.x86_64.rpm | Linux |
| (RHSA-2020:0130) .NET Core on Red Hat Enterprise Linux security and bug fix update dotnet3.0-debugsource-3.0.102-2.el8_1.x86_64.rpm | Linux |
| (RHSA-2020:0130) .NET Core on Red Hat Enterprise Linux security and bug fix update netstandard-targeting-pack-2.1-3.0.102-2.el8_1.x86_64.rpm | Linux |
| (CESA-2020:0130) .NET Core on Red Hat Enterprise Linux security and bug fix update aspnetcore-runtime-3.0-3.0.2-2.el8_1.x86_64.rpm | Linux |
| (CESA-2020:0130) .NET Core on Red Hat Enterprise Linux security and bug fix update aspnetcore-targeting-pack-3.0-3.0.2-2.el8_1.x86_64.rpm | Linux |
| (CESA-2020:0130) .NET Core on Red Hat Enterprise Linux security and bug fix update dotnet-apphost-pack-3.0-3.0.2-2.el8_1.x86_64.rpm | Linux |
| (CESA-2020:0130) .NET Core on Red Hat Enterprise Linux security and bug fix update dotnet-host-3.0.2-2.el8_1.x86_64.rpm | Linux |
| (CESA-2020:0130) .NET Core on Red Hat Enterprise Linux security and bug fix update dotnet-hostfxr-3.0-3.0.2-2.el8_1.x86_64.rpm | Linux |
| (CESA-2020:0130) .NET Core on Red Hat Enterprise Linux security and bug fix update dotnet-runtime-3.0-3.0.2-2.el8_1.x86_64.rpm | Linux |
| (CESA-2020:0130) .NET Core on Red Hat Enterprise Linux security and bug fix update dotnet-sdk-3.0-3.0.102-2.el8_1.x86_64.rpm | Linux |
| (CESA-2020:0130) .NET Core on Red Hat Enterprise Linux security and bug fix update dotnet-targeting-pack-3.0-3.0.2-2.el8_1.x86_64.rpm | Linux |
| (CESA-2020:0130) .NET Core on Red Hat Enterprise Linux security and bug fix update dotnet-templates-3.0-3.0.102-2.el8_1.x86_64.rpm | Linux |
| (RHSA-2020:0130)Critical: Core on Red Hat Enterprise Linux security and bug fix update dotnet-apphost-pack-3.0-debuginfo-3.0.2-2.el8_1.x86_64.rpm | Linux |
| (RHSA-2020:0130)Critical: Core on Red Hat Enterprise Linux security and bug fix update dotnet-host-debuginfo-3.0.2-2.el8_1.x86_64.rpm | Linux |
| (RHSA-2020:0130)Critical: Core on Red Hat Enterprise Linux security and bug fix update dotnet-hostfxr-3.0-debuginfo-3.0.2-2.el8_1.x86_64.rpm | Linux |
| (RHSA-2020:0130)Critical: Core on Red Hat Enterprise Linux security and bug fix update dotnet-runtime-3.0-debuginfo-3.0.2-2.el8_1.x86_64.rpm | Linux |
| (RHSA-2020:0130)Critical: Core on Red Hat Enterprise Linux security and bug fix update dotnet-sdk-3.0-debuginfo-3.0.102-2.el8_1.x86_64.rpm | Linux |
| (RHSA-2020:0130)Critical: Core on Red Hat Enterprise Linux security and bug fix update dotnet3.0-debuginfo-3.0.102-2.el8_1.x86_64.rpm | Linux |
| Vulnerabilities CVE-2020-0602,CVE-2020-0603 are fixed in Nuget - Microsoft.AspNetCore.App for Linux 3.1.1 | Linux |
| Vulnerabilities CVE-2020-0602,CVE-2020-0603 are fixed in Nuget - Microsoft.AspNetCore.App for Linux 3.0.1 | Linux |
| Vulnerabilities CVE-2020-0602,CVE-2020-0603 are fixed in Nuget - Microsoft.AspNetCore.App for Linux 2.1.15 | Linux |
| Vulnerabilities CVE-2020-0602,CVE-2020-0603 are fixed in Nuget - Microsoft.AspNetCore.Http.Connections for Linux 1.0.15 | Linux |
| Vulnerabilities CVE-2020-0602,CVE-2020-0603 are fixed in Nuget-Microsoft.AspNetCore.App.Runtime.win-arm for Linux 3.1.1 | Linux |
| Vulnerabilities CVE-2020-0602,CVE-2020-0603 are fixed in Nuget-Microsoft.AspNetCore.All for Linux 2.1.15 | Linux |
| Vulnerabilities CVE-2020-0602,CVE-2020-0603 are fixed in Nuget-Microsoft.AspNetCore.App.Runtime.linux-arm for Linux 3.1.1 | Linux |
| Vulnerabilities CVE-2020-0602,CVE-2020-0603 are fixed in Nuget - Microsoft.AspNetCore.App.Runtime.linux-arm64 for Linux 3.1.1 | Linux |
| Vulnerabilities CVE-2020-0602,CVE-2020-0603 are fixed in Nuget - Microsoft.AspNetCore.App.Runtime.linux-musl-x64 for Linux 3.1.1 | Linux |
| Vulnerabilities CVE-2020-0602,CVE-2020-0603 are fixed in Nuget - Microsoft.AspNetCore.App.Runtime.linux-x64 for Linux 3.1.1 | Linux |
| Vulnerabilities CVE-2020-0602,CVE-2020-0603 are fixed in Nuget - Microsoft.AspNetCore.App.Runtime.osx-x64 for Linux 3.1.1 | Linux |
| Vulnerabilities CVE-2020-0602,CVE-2020-0603 are fixed in Nuget - Microsoft.AspNetCore.App.Runtime.win-x64 for Linux 3.1.1 | Linux |
| Vulnerabilities CVE-2020-0602,CVE-2020-0603 are fixed in Nuget - Microsoft.AspNetCore.App.Runtime.win-x86 for Linux 3.1.1 | Linux |
| Vulnerabilities CVE-2020-0603 are fixed in Nuget - Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 for Linux 3.1.1 | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234