What is CVE-2017-0248?

CVE-2017-0248 is a high-severity vulnerability in Microsoft .Net_framework, classified under Improper Certificate Validation. CVSS score: 7.5/10. Published 2017-05-12.

How severe is CVE-2017-0248?

High severity. CVSS v3 base score is 7.5 out of 10.

Is CVE-2017-0248 known to be exploited?

4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Microsoft .Net_framework

CVE-2017-0248

Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to bypass Enhanced Security Usage taggings when they present a certificate that is invalid for a specific use, aka ".NET Security Feature Bypass V…

Vulnerability class: Improper Certificate Validation

EPSS: 0.011 (78.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N.

Affected products

Microsoft .Net_framework — versions 2.0, 3.5, 3.5.1
Microsoft Corporation .Net Framework — versions Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7

Weakness classification (CWE)

CWE-295 — Improper Certificate Validation

Public proof-of-concept exploits

References

secure@microsoft.com (x_refsource_CONFIRM, Patch, Vendor Advisory)
secure@microsoft.com (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_BID)
secure@microsoft.com (vdb-entry, x_refsource_SECTRACK)

Frequently asked questions

What is CVE-2017-0248?: CVE-2017-0248 is a high-severity vulnerability in Microsoft .Net_framework, classified under Improper Certificate Validation. CVSS score: 7.5/10. Published 2017-05-12.
How severe is CVE-2017-0248?: High severity. CVSS v3 base score is 7.5 out of 10.
Is CVE-2017-0248 known to be exploited?: 4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.