Vulnerability Name: CVE-2021-26701 (CCN-196358)

Assigned: 2021-02-09
Published: 2021-02-09
Updated: 2021-11-29
Summary: .NET Core Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-24112.
CVSS v3 Severity: 9.8 Critical (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
8.5 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): High
Integrity (I): High
Availability (A): High
8.1 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
7.1 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): High
Integrity (I): High
Availability (A): High
8.1 High (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
7.1 High (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): High
Integrity (I): High
Availability (A): High
CVSS v2 Severity: 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
7.6 High (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics: Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
Vulnerability Type: CWE-noinfo
CWE-119
Vulnerability Consequences: Gain Access
References:
Source: MITRE
Type: CNA
CVE-2021-26701

Source: XF
Type: UNKNOWN
ms-dotnet-cve202126701-code-exec(196358)

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2021-265a3c7cb9

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2021-904d0bd496

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2021-3da33cdc80

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2021-1b22f31541

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2021-e2d218afe6

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2021-138728e59b

Source: CCN
Type: Microsoft Security TechCenter - February 2021
.NET Core and Visual Studio Remote Code Execution Vulnerability

Source: N/A
Type: Patch, Vendor Advisory
N/A

Source: CCN
Type: IBM Security Bulletin 6560102 (Robotic Process Automation)
Multiple vulnerabilities may affect IBM Robotic Process Automation

Source: CCN
Type: IBM Security Bulletin 6579917 (Robotic Process Automation)
Multiple Vulnerabilities may affect IBM Robotic Process Automation

Source: CCN
Type: IBM Security Bulletin 6852411 (Process Mining)
Vulnerability in Microsoft .NET Core and Visual Studio affects IBM Process Mining. CVE-2021-26701

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2021-26701

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:microsoft:.net:*:*:*:*:*:*:*:* (Version >= 5.0 and < 5.0.4)
  • OR cpe:/a:microsoft:.net_core:*:*:*:*:*:*:*:* (Version >= 2.1 and < 2.1.28)
  • OR cpe:/a:microsoft:.net_core:*:*:*:*:*:*:*:* (Version >= 3.1 and < 3.1.15)
  • OR cpe:/a:microsoft:powershell_core:7.0:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:powershell_core:7.1:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:visual_studio_2019:-:*:*:*:*:macos:*:*
  • OR cpe:/a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:* (Version >= 16.0 and <= 16.9)

Configuration 2:
  • cpe:/o:fedoraproject:fedora:32:*:*:*:*:*:*:*
  • OR cpe:/o:fedoraproject:fedora:33:*:*:*:*:*:*:*
  • OR cpe:/o:fedoraproject:fedora:34:*:*:*:*:*:*:*

Configuration RedHat 1:
  • cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 2:
  • cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:microsoft:.net_core:2.1:-:*:*:*:*:*:*
  • OR cpe:/a:microsoft:.net_core:3.1:-:*:*:*:*:*:*
  • OR cpe:/a:microsoft:.net_core:5.0:-:*:*:*:*:*:*
  • AND
  • cpe:/a:ibm:robotic_process_automation:21.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:robotic_process_automation:21.0.1:*:*:*:*:*:*:*

* Denotes that component is vulnerable
Oval Definitions:
Definition ID | Class | Title | Last Modified
oval:com.redhat.rhsa:def:20210788 | P | RHSA-2021:0788: dotnet security and bugfix update (Important) | 2021-03-09
oval:com.redhat.rhsa:def:20210790 | P | RHSA-2021:0790: dotnet3.1 security and bugfix update (Important) | 2021-03-09
oval:com.redhat.rhsa:def:20210793 | P | RHSA-2021:0793: .NET Core on RHEL 8 security and bugfix update (Important) | 2021-03-09