
CVE-2021-26423: .NET Core Elevation of Privilege Vulnerability

CVSS Score (CVSS 3.1)
7.5

Basic Information

EPSS Score
0.84503%
CWE
-
Published
10/25/2022
Updated
1/30/2023
KEV Status
No
Technology
C#

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Package Name | Ecosystem | Vulnerable Versions | First Patched Version
--- | --- | --- | ---
Microsoft.NETCore.App.Runtime.win-x86 | nuget | >= 3.1.0, < 3.1.18 | 3.1.18
Microsoft.NETCore.App.Runtime.win-x86 | nuget | >= 5.0.0, < 5.0.9 | 5.0.9
Microsoft.NETCore.App.Runtime.win-x64 | nuget | >= 3.1.0, < 3.1.18 | 3.1.18
Microsoft.NETCore.App.Runtime.win-x64 | nuget | >= 5.0.0, < 5.0.9 | 5.0.9
Microsoft.NETCore.App.Runtime.win-arm64 | nuget | >= 3.1.0, < 3.1.18 | 3.1.18
Microsoft.NETCore.App.Runtime.win-arm64 | nuget | >= 5.0.0, < 5.0.9 | 5.0.9
Microsoft.NETCore.App.Runtime.win-arm | nuget | >= 3.1.0, < 3.1.18 | 3.1.18
Microsoft.NETCore.App.Runtime.win-arm | nuget | >= 5.0.0, < 5.0.9 | 5.0.9
Microsoft.NETCore.App.Runtime.osx-x64 | nuget | >= 3.1.0, < 3.1.18 | 3.1.18
Microsoft.NETCore.App.Runtime.osx-x64 | nuget | >= 5.0.0, < 5.0.9 | 5.0.9
Microsoft.NETCore.App.Runtime.Mono.osx-x64 | nuget | >= 5.0.0, < 5.0.9 | 5.0.9
Microsoft.NETCore.App.Runtime.Mono.LLVM.osx-x64 | nuget | >= 5.0.0, < 5.0.9 | 5.0.9
Microsoft.NETCore.App.Runtime.Mono.LLVM.linux-x64 | nuget | >= 5.0.0, < 5.0.9 | 5.0.9
Microsoft.NETCore.App.Runtime.Mono.LLVM.linux-arm64 | nuget | >= 5.0.0, < 5.0.9 | 5.0.9
Microsoft.NETCore.App.Runtime.Mono.LLVM.AOT.osx-x64 | nuget | >= 5.0.0, < 5.0.9 | 5.0.9
Microsoft.NETCore.App.Runtime.Mono.LLVM.AOT.linux-x64 | nuget | >= 5.0.0, < 5.0.9 | 5.0.9
Microsoft.NETCore.App.Runtime.Mono.LLVM.AOT.linux-arm64 | nuget | >= 5.0.0, < 5.0.9 | 5.0.9
Microsoft.NETCore.App.Runtime.Mono.linux-x64 | nuget | >= 5.0.0, < 5.0.9 | 5.0.9
Microsoft.NETCore.App.Runtime.Mono.linux-musl-x64 | nuget | >= 5.0.0, < 5.0.9 | 5.0.9
Microsoft.NETCore.App.Runtime.Mono.linux-arm64 | nuget | >= 5.0.0, < 5.0.9 | 5.0.9
Microsoft.NETCore.App.Runtime.Mono.linux-arm | nuget | >= 5.0.0, < 5.0.9 | 5.0.9
Microsoft.NETCore.App.Runtime.linux-x64 | nuget | >= 3.1.0, < 3.1.18 | 3.1.18
Microsoft.NETCore.App.Runtime.linux-x64 | nuget | >= 5.0.0, < 5.0.9 | 5.0.9
Microsoft.NETCore.App.Runtime.linux-musl-x64 | nuget | >= 3.1.0, < 3.1.18 | 3.1.18
Microsoft.NETCore.App.Runtime.linux-musl-x64 | nuget | >= 5.0.0, < 5.0.9 | 5.0.9
Microsoft.NETCore.App.Runtime.linux-musl-arm64 | nuget | >= 3.1.0, < 3.1.18 | 3.1.18
Microsoft.NETCore.App.Runtime.linux-musl-arm64 | nuget | >= 5.0.0, < 5.0.9 | 5.0.9
Microsoft.NETCore.App.Runtime.linux-musl-arm | nuget | >= 5.0.0, < 5.0.9 | 5.0.9
Microsoft.NETCore.App.Runtime.rhel.6-x64 | nuget | >= 3.1.0, < 3.1.18 | 3.1.18
Microsoft.NETCore.App.Runtime.linux-arm64 | nuget | >= 3.1.0, < 3.1.18 | 3.1.18
Microsoft.NETCore.App.Runtime.linux-arm64 | nuget | >= 5.0.0, < 5.0.9 | 5.0.9
Microsoft.NETCore.App.Runtime.linux-arm | nuget | >= 3.1.0, < 3.1.18 | 3.1.18
Microsoft.NETCore.App.Runtime.linux-arm | nuget | >= 5.0.0, < 5.0.9 | 5.0.9

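As an added defender's check, not code from Miggo or from the .NET project, the following Python script matches the runtimes a host reports via `dotnet --list-runtimes` against the two version ranges in the table above (3.1.0 to 3.1.17 and 5.0.0 to 5.0.8) and names the first patched version for each hit. It assumes that the shared framework printed as `Microsoft.NETCore.App` carries the same version as the `Microsoft.NETCore.App.Runtime.*` runtime packs listed here; the sample listing embedded in the script is constructed and does not describe a real machine.

```python
import re

# Vulnerable ranges and first patched versions, taken from this page's package
# table for CVE-2021-26423: (lower bound inclusive, upper bound exclusive, fix).
VULNERABLE_RANGES = (
    ((3, 1, 0), (3, 1, 18), "3.1.18"),
    ((5, 0, 0), (5, 0, 9), "5.0.9"),
)

# Assumption: the shared framework name that `dotnet --list-runtimes` prints
# for the runtime packs in the table.
SHARED_FRAMEWORK = "Microsoft.NETCore.App"

# One `dotnet --list-runtimes` line: "<framework> <version> [<install path>]".
RUNTIME_LINE = re.compile(r"^(?P<name>\S+)\s+(?P<version>\S+)\s+\[(?P<path>[^\]]*)\]\s*$")


def parse_version(text):
    """Turn '3.1.17' or '6.0.0-preview.7' into a comparable (major, minor, patch) tuple.

    Pre-release and build suffixes are dropped: the advisory ranges are plain
    release versions, and a preview of a later branch never falls inside them.
    """
    core = text.split("-", 1)[0].split("+", 1)[0]
    parts = core.split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised .NET runtime version: {text!r}")
    return tuple(int(p) for p in parts)


def first_patched_version(version):
    """Return the first patched version for the affected branch, or None if not affected."""
    v = parse_version(version)
    for low, high, patched in VULNERABLE_RANGES:
        if low <= v < high:
            return patched
    return None


def is_vulnerable(version):
    return first_patched_version(version) is not None


def scan_runtime_listing(listing):
    """Return [(version, first_patched)] for every vulnerable Microsoft.NETCore.App line."""
    findings = []
    for line in listing.splitlines():
        m = RUNTIME_LINE.match(line.strip())
        if not m or m.group("name") != SHARED_FRAMEWORK:
            continue  # blank lines and other frameworks (ASP.NET Core, WindowsDesktop)
        patched = first_patched_version(m.group("version"))
        if patched is not None:
            findings.append((m.group("version"), patched))
    return findings


# Constructed sample of `dotnet --list-runtimes` output; not a real host.
SAMPLE_LISTING = """\
Microsoft.AspNetCore.App 5.0.8 [/usr/share/dotnet/shared/Microsoft.AspNetCore.App]
Microsoft.NETCore.App 3.1.17 [/usr/share/dotnet/shared/Microsoft.NETCore.App]
Microsoft.NETCore.App 3.1.18 [/usr/share/dotnet/shared/Microsoft.NETCore.App]
Microsoft.NETCore.App 5.0.8 [/usr/share/dotnet/shared/Microsoft.NETCore.App]
Microsoft.NETCore.App 6.0.0-preview.7 [/usr/share/dotnet/shared/Microsoft.NETCore.App]
"""

if __name__ == "__main__":
    for version, patched in scan_runtime_listing(SAMPLE_LISTING):
        print(f"{SHARED_FRAMEWORK} {version} is in a range affected by CVE-2021-26423; "
              f"first patched version is {patched}")
```

On a real host, pipe the output of `dotnet --list-runtimes` into `scan_runtime_listing` instead of the constructed sample. Self-contained applications that ship their own copy of the runtime do not appear in that listing, so their `Microsoft.NETCore.App.Runtime.*` pack version has to be checked from the build's package references instead.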

Vulnerability Intelligence

Miggo AI Root Cause Analysis

The vulnerability centers on WebSocket frame processing leading to infinite loops. Analysis of .NET Core's WebSocket implementation shows:

  1. ReceiveAsyncPrivate is the primary frame processing method handling payload parsing
  2. The vulnerability description matches scenarios where payload length validation fails
  3. Historical fixes for similar WebSocket DoS issues in .NET Core target these methods
  4. Microsoft's security bulletin specifically mentions WebSocket endpoint handling as the attack vector.

While exact patch diffs aren't provided, the combination of vulnerability characteristics and .NET Core architecture strongly implicates these core WebSocket processing functions.

Vulnerable functions

Only Miggo users can see this section

WAF Protection Rules

WAF Rule

Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 5.0 and .NET Core 3.1. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.
