CVE Vulnerability

CVE-2018-0961

A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate vSMB packet data, aka "Hyper-V vSMB Remote Code Execution Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers.

7.4 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 4.4 / Impact : 10

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

Scope

7.6 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 1 / Impact : 6

Attack Vector ADJACENT_NETWORK

Attack Complexity HIGH

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References
Link Resource
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0961 Patch Vendor Advisory
http://www.securitytracker.com/id/1040843 Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/104032 Third Party Advisory VDB Entry
Configurations

Configuration 1

cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2016:1709:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*
Information

Published : 2018-05-09 07:29

Updated : 2018-06-14 02:14

NVD link : CVE-2018-0961

Mitre link : CVE-2018-0961

Products Affected
No products.
CWE
CWE-20