Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

msrc логотип

CVE-2018-8306

Опубликовано: 10 июл. 2018
Источник: msrc
CVSS3: 5.5
EPSS Низкий

Описание

Microsoft Wireless Display Adapter Command Injection Vulnerability

A command injection vulnerability exists in the Microsoft Wireless Display Adapter (MWDA) when the Microsoft Wireless Display Adapter does not properly manage user input. For this vulnerability to be exploited, the attacker must be authenticated (logged on) to the target display.

To exploit the vulnerability, an attacker who is connected to the MWDA could send administrative commands to the MWDA, including commands with illegal characters which could cause the MWDA to stop functioning correctly.

The update addresses the vulnerability by modifying how the Microsoft Wireless Display Adapter manages administrative input.

Меры по смягчению последствий

Launch the Microsoft Wireless Display Adapter Windows App. Click on the Security Settings tab. Click on the Pair with PIN Code check box.

FAQ

How do I download the firmware for my Microsoft Wireless Display Adapter?

The firmware is downloadable from the Wireless Display Adapter App which is available in the Microsoft App Store. The links in the Affected Products table will take you to the App Store. If the App is already installed, you can launch it from this window. Click on the Firmware tab and click the Download button.

Обновления

ПродуктСтатьяОбновление
Microsoft Wireless Display Adapter V2 Software Version 2.0.8350
Security Update
Microsoft Wireless Display Adapter V2 Software Version 2.0.8365
Security Update
Microsoft Wireless Display Adapter V2 Software Version 2.0.8372
Security Update

Показывать по

Возможность эксплуатации

Publicly Disclosed

No

Exploited

No

Latest Software Release

Exploitation Less Likely

Older Software Release

Exploitation Less Likely

EPSS

Процентиль: 74%
0.0088
Низкий

5.5 Medium

CVSS3

Связанные уязвимости

nvd логотип

CVE-2018-8306

CVSS3: 5.5
nvd
около 7 лет назад

A command injection vulnerability exists in the Microsoft Wireless Display Adapter (MWDA) when the Microsoft Wireless Display Adapter does not properly manage user input, aka "Microsoft Wireless Display Adapter Command Injection Vulnerability." This affects Microsoft Wireless Display Adapter V2 Software.

github логотип

GHSA-m37p-x6xc-38vx

CVSS3: 5.5
github
больше 3 лет назад

A command injection vulnerability exists in the Microsoft Wireless Display Adapter (MWDA) when the Microsoft Wireless Display Adapter does not properly manage user input, aka "Microsoft Wireless Display Adapter Command Injection Vulnerability." This affects Microsoft Wireless Display Adapter V2 Software.

EPSS

Процентиль: 74%
0.0088
Низкий

5.5 Medium

CVSS3