ALT-PU-2022-1360-1 — powershell

BDU:2020-04320

MEDIUM6.7

Уязвимость средства контроля приложений Управление приложениями в Защитнике Windows (Windows Defender Application Control, WDAC) средства автоматизации PowerShell Core, позволяющая нарушителю выполнить произвольный код

Published: 2020-09-22

CVSS 3.xMEDIUM 6.7

CVSS:3.x/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVSS 2.0MEDIUM 6.8

CVSS:2.0/AV:L/AC:L/Au:S/C:C/I:C/A:C

References

CVE-2020-0951

BDU:2021-04773

HIGH7.5

Уязвимость программного средства .NET Core, расширяемого средства автоматизации PowerShell Core и средства разработки программного обеспечения Visual Studio, связанная с недостаточной проверкой вводимых данных, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2021-09-29

CVSS 3.xHIGH 7.5

CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS 2.0MEDIUM 5.0

CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:P

References

CVE-2021-26423

CVE-2020-0951

MEDIUM6.7

A security feature bypass vulnerability exists in Windows Defender Application Control (WDAC) which could allow an attacker to bypass WDAC enforcement. An attacker who successfully exploited this vulnerability could execute PowerShell commands that would be blocked by WDAC.
To exploit the vulnerability, an attacker need administrator access on a local machine where PowerShell is running. The attacker could then connect to a PowerShell session and send commands to execute arbitrary code.
The update addresses the vulnerability by correcting how PowerShell commands are validated when WDAC protection is enabled.

Published: 2020-09-11Modified: 2026-02-23

CVSS 2.0HIGH 7.2

CVSS:2.0/AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS 3.xMEDIUM 6.7

CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

References

CVE-2021-26423

HIGH7.5

.NET Core and Visual Studio Denial of Service Vulnerability

Published: 2021-08-12Modified: 2024-11-21

CVSS 2.0MEDIUM 5.0

CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS 3.xHIGH 7.5

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References

CVE-2021-34485

MEDIUM5.0

.NET Core and Visual Studio Information Disclosure Vulnerability

Published: 2021-08-12Modified: 2024-11-21

CVSS 2.0LOW 2.1

CVSS:2.0/AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS 3.xMEDIUM 5.0

CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

References

CVE-2021-41355

MEDIUM5.7

.NET Core and Visual Studio Information Disclosure Vulnerability

Published: 2021-10-13Modified: 2024-11-21

CVSS 2.0LOW 2.9

CVSS:2.0/AV:A/AC:M/Au:N/C:P/I:N/A:N

CVSS 3.xMEDIUM 5.7

CVSS:3.x/CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

References

Package update powershell in branch p10

Closed issues (6)

.NET Core and Visual Studio Denial of Service Vulnerability

.NET Core and Visual Studio Information Disclosure Vulnerability

.NET Core and Visual Studio Information Disclosure Vulnerability