CVE-2020-0603
HIGHASP.NET Core - Remote Code Execution via Memory Object Handling
Title source: llmDescription
A remote code execution vulnerability exists in ASP.NET Core software when the software fails to handle objects in memory.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka 'ASP.NET Core Remote Code Execution Vulnerability'.
References (3)
Core 3
Core References
Patch, Vendor Advisory x_refsource_misc
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0603
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2020:0130
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2020:0134
Scores
CVSS v3
8.8
EPSS
0.1079
EPSS Percentile
93.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-787
Status
published
Products (17)
microsoft/asp.net_core
2.1
microsoft/asp.net_core
3.0
microsoft/asp.net_core
3.1
nuget/Microsoft.AspNetCore.All
2.1.0 - 2.1.15NuGet
nuget/Microsoft.AspNetCore.App
3.1.0 - 3.1.1NuGet
nuget/Microsoft.AspNetCore.App.Runtime.linux-arm
3.1.0 - 3.1.1NuGet
nuget/Microsoft.AspNetCore.App.Runtime.linux-arm64
3.1.0 - 3.1.1NuGet
nuget/Microsoft.AspNetCore.App.Runtime.linux-musl-arm64
3.1.0 - 3.1.1NuGet
nuget/Microsoft.AspNetCore.App.Runtime.linux-musl-x64
3.1.0 - 3.1.1NuGet
nuget/Microsoft.AspNetCore.App.Runtime.linux-x64
3.1.0 - 3.1.1NuGet
... and 7 more
Published
Jan 14, 2020
Tracked Since
Feb 18, 2026