Vulnerability in .NET core 3.1

  • 12 January 2022
  • 6 comments
  • 181 views

Userlevel 4
Badge

Hi 

Just to inform that there is a vulnerability in the .NET core runtime.
This is installed for the Veeam AWS, Azure & Google plug-ins.
reference: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-43877

updates: https://dotnet.microsoft.com/en-us/download/dotnet/3.1

Please update your Veeam servers.

 

Regards


6 comments

Userlevel 7
Badge +5

This vulnerability was released on Dec 14, 2021. Is there a new one? https://www.cvedetails.com/vulnerability-list/vendor_id-26/product_id-43007/Microsoft-.net-Core.html 

Userlevel 4
Badge

This vulnerability was released on Dec 14, 2021. Is there a new one? https://www.cvedetails.com/vulnerability-list/vendor_id-26/product_id-43007/Microsoft-.net-Core.html 

No but didn’t found it mentioned..

Userlevel 7
Badge +6

Thanks for the hint @vergoted! I haven't heard about this one before. If I get it right, you would ned local access to the backup server in order to exploit it?

Userlevel 7
Badge +5

This one?
https://www.cvedetails.com/cve/CVE-2021-34485/

Has a very low score… but thanks for sharing! :)

Userlevel 7
Badge +5

Thank you for taking the time to share.

Userlevel 4
Badge

This one?
https://www.cvedetails.com/cve/CVE-2021-34485/

Has a very low score… but thanks for sharing! :)

This was the CVE I mentioned.
https://www.cvedetails.com/cve/CVE-2021-43877/ 
is a bit higher CVSS Score, but still low. (4.6)

Comment