Mageni Mageni Security LLC

Free and open-source vulnerability scanner

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

App screenshot

Microsoft PowerShell Core DoS And Security Feature Bypass Vulnerabilities (Linux)

Information

Severity

Severity

Medium

Family

Family

General

CVSSv2 Base

CVSSv2 Base

5.0

CVSSv2 Vector

CVSSv2 Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Solution Type

Solution Type

Vendor Patch

Created

Created

6 years ago

Modified

Modified

4 years ago

Share

Summary

This host is missing an important security update for PowerShell Core according to Microsoft security update January 2018.

Insight

Insight

Multiple flaws are due to, - An error in the open source versions of PowerShell Core when improper processing of XML documents by .NET Core occurs. - An error in the open source versions of PowerShell Core where an attacker could present a certificate that is marked invalid for a specific use, but a .NET Core component uses it for that purpose. This action disregards the Enhanced Key Usage tagging.

Affected Software

Affected Software

PowerShell Core version 6.0.0 before 6.0.1

Detection Method

Detection Method

Checks if a vulnerable version is present on the target host.

Solution

Solution

Update PowerShell Core to version 6.0.1 or later.

Common Vulnerabilities and Exposures (CVE)

References