/

CVE-2021-26701 Report - Details, Severity, & Advisorie...

CVE-2021-26701 Report - Details, Severity, & Advisories

Twingate Team

Jun 28, 2024

What is CVE-2021-26701?

CVE-2021-26701 is a critical remote code execution vulnerability in certain versions of .NET Core, PowerShell Core, Visual Studio, and Fedora. It has a severity score of 9.8 (NIST) and 8.1 (Microsoft). Users should update their software to mitigate the risk.

Who is impacted by CVE-2021-26701?

The CVE-2021-26701 vulnerability affects users of certain software configurations, including Microsoft .NET, .NET Core, PowerShell Core, and Visual Studio 2019. Specifically, impacted versions are Microsoft .NET 5.0 up to 5.0.4, .NET Core 2.1 up to 2.1.28 and 3.1 up to 3.1.15, PowerShell Core 7.0 and 7.1, and Visual Studio 2019 versions 16.0 up to 16.9, including the macOS version. Additionally, Fedora users with the dotnet3.1 package installed on Fedora 32 and 33, as well as the dotnet5.0 package installed on Fedora 34, are also affected.

What to do if CVE-2021-26701 affected you

If you're affected by the CVE-2021-26701 vulnerability, it's crucial to update your software to mitigate potential risks. Follow these steps:

  1. For Fedora users, update the dotnet3.1 package on Fedora 32 and 33, and the dotnet5.0 package on Fedora 34 using the "dnf" update program.

  2. Update to .NET Core SDK 3.1.113 and Runtime 3.1.13 for other affected systems.

By taking these steps, you can help protect your system from unauthorized access and potential harm.

Is this in CISA’s Known Exploited Vulnerabilities Catalog?

The CVE-2021-26701 vulnerability, also known as the .NET Core Remote Code Execution Vulnerability, is not mentioned in CISA's Known Exploited Vulnerabilities Catalog. Users should update their software to mitigate potential risks. For Fedora users, this involves updating the dotnet3.1 package on Fedora 32 and 33, and the dotnet5.0 package on Fedora 34 using the "dnf" update program.

Weakness Enumeration

The weakness enumeration for this vulnerability is categorized as "Insufficient Information" (NVD-CWE-noinfo), indicating a lack of specific details about the vulnerability and its mitigation.

Learn More

For a comprehensive understanding of this vulnerability, including its description, severity, technical details, and known affected software configurations, refer to the NVD page or the sources listed below.

Rapidly implement a modern Zero Trust network that is more secure and maintainable than VPNs.

/

CVE-2021-26701 Report - Details, Severity, & Advisorie...

CVE-2021-26701 Report - Details, Severity, & Advisories

Twingate Team

Jun 28, 2024

What is CVE-2021-26701?

CVE-2021-26701 is a critical remote code execution vulnerability in certain versions of .NET Core, PowerShell Core, Visual Studio, and Fedora. It has a severity score of 9.8 (NIST) and 8.1 (Microsoft). Users should update their software to mitigate the risk.

Who is impacted by CVE-2021-26701?

The CVE-2021-26701 vulnerability affects users of certain software configurations, including Microsoft .NET, .NET Core, PowerShell Core, and Visual Studio 2019. Specifically, impacted versions are Microsoft .NET 5.0 up to 5.0.4, .NET Core 2.1 up to 2.1.28 and 3.1 up to 3.1.15, PowerShell Core 7.0 and 7.1, and Visual Studio 2019 versions 16.0 up to 16.9, including the macOS version. Additionally, Fedora users with the dotnet3.1 package installed on Fedora 32 and 33, as well as the dotnet5.0 package installed on Fedora 34, are also affected.

What to do if CVE-2021-26701 affected you

If you're affected by the CVE-2021-26701 vulnerability, it's crucial to update your software to mitigate potential risks. Follow these steps:

  1. For Fedora users, update the dotnet3.1 package on Fedora 32 and 33, and the dotnet5.0 package on Fedora 34 using the "dnf" update program.

  2. Update to .NET Core SDK 3.1.113 and Runtime 3.1.13 for other affected systems.

By taking these steps, you can help protect your system from unauthorized access and potential harm.

Is this in CISA’s Known Exploited Vulnerabilities Catalog?

The CVE-2021-26701 vulnerability, also known as the .NET Core Remote Code Execution Vulnerability, is not mentioned in CISA's Known Exploited Vulnerabilities Catalog. Users should update their software to mitigate potential risks. For Fedora users, this involves updating the dotnet3.1 package on Fedora 32 and 33, and the dotnet5.0 package on Fedora 34 using the "dnf" update program.

Weakness Enumeration

The weakness enumeration for this vulnerability is categorized as "Insufficient Information" (NVD-CWE-noinfo), indicating a lack of specific details about the vulnerability and its mitigation.

Learn More

For a comprehensive understanding of this vulnerability, including its description, severity, technical details, and known affected software configurations, refer to the NVD page or the sources listed below.

Rapidly implement a modern Zero Trust network that is more secure and maintainable than VPNs.

CVE-2021-26701 Report - Details, Severity, & Advisories

Twingate Team

Jun 28, 2024

What is CVE-2021-26701?

CVE-2021-26701 is a critical remote code execution vulnerability in certain versions of .NET Core, PowerShell Core, Visual Studio, and Fedora. It has a severity score of 9.8 (NIST) and 8.1 (Microsoft). Users should update their software to mitigate the risk.

Who is impacted by CVE-2021-26701?

The CVE-2021-26701 vulnerability affects users of certain software configurations, including Microsoft .NET, .NET Core, PowerShell Core, and Visual Studio 2019. Specifically, impacted versions are Microsoft .NET 5.0 up to 5.0.4, .NET Core 2.1 up to 2.1.28 and 3.1 up to 3.1.15, PowerShell Core 7.0 and 7.1, and Visual Studio 2019 versions 16.0 up to 16.9, including the macOS version. Additionally, Fedora users with the dotnet3.1 package installed on Fedora 32 and 33, as well as the dotnet5.0 package installed on Fedora 34, are also affected.

What to do if CVE-2021-26701 affected you

If you're affected by the CVE-2021-26701 vulnerability, it's crucial to update your software to mitigate potential risks. Follow these steps:

  1. For Fedora users, update the dotnet3.1 package on Fedora 32 and 33, and the dotnet5.0 package on Fedora 34 using the "dnf" update program.

  2. Update to .NET Core SDK 3.1.113 and Runtime 3.1.13 for other affected systems.

By taking these steps, you can help protect your system from unauthorized access and potential harm.

Is this in CISA’s Known Exploited Vulnerabilities Catalog?

The CVE-2021-26701 vulnerability, also known as the .NET Core Remote Code Execution Vulnerability, is not mentioned in CISA's Known Exploited Vulnerabilities Catalog. Users should update their software to mitigate potential risks. For Fedora users, this involves updating the dotnet3.1 package on Fedora 32 and 33, and the dotnet5.0 package on Fedora 34 using the "dnf" update program.

Weakness Enumeration

The weakness enumeration for this vulnerability is categorized as "Insufficient Information" (NVD-CWE-noinfo), indicating a lack of specific details about the vulnerability and its mitigation.

Learn More

For a comprehensive understanding of this vulnerability, including its description, severity, technical details, and known affected software configurations, refer to the NVD page or the sources listed below.