CVE-2018-0886

Опубликовано: 14 мар. 2018

Источник: nvd

CVSS3: 7

CVSS2: 7.6

EPSS Критический

Описание

The Credential Security Support Provider protocol (CredSSP) in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709 Windows Server 2016 and Windows Server, version 1709 allows a remote code execution vulnerability due to how CredSSP validates request during the authentication process, aka "CredSSP Remote Code Execution Vulnerability".

Ссылки

http://www.securityfocus.com/bid/103265
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1040506
Third Party Advisory
VDB Entry
https://blog.preempt.com/security-advisory-credssp
Exploit
Third Party Advisory
https://github.com/preempt/credssp
Exploit
Third Party Advisory
https://ics-cert.us-cert.gov/advisories/ICSA-18-198-03
Third Party Advisory
US Government Resource
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0886
Patch
Vendor Advisory
https://www.exploit-db.com/exploits/44453/
Exploit
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/103265
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1040506
Third Party Advisory
VDB Entry
https://blog.preempt.com/security-advisory-credssp
Exploit
Third Party Advisory
https://github.com/preempt/credssp
Exploit
Third Party Advisory
https://ics-cert.us-cert.gov/advisories/ICSA-18-198-03
Third Party Advisory
US Government Resource
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0886
Patch
Vendor Advisory
https://www.exploit-db.com/exploits/44453/
Exploit
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*

cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*

cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2016:1709:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*

EPSS

Процентиль: 100%

0.91311

Критический

7 High

CVSS3

7.6 High

CVSS2

Дефекты

CWE-287

Связанные уязвимости

CVE-2018-0886

CVSS3: 7.1

msrc

больше 7 лет назад

CredSSP Remote Code Execution Vulnerability

GHSA-hrh9-4g5w-7q9j

CVSS3: 7

github

около 3 лет назад

BDU:2018-00607

CVSS3: 7

fstec

больше 7 лет назад

Уязвимость протокола безопасности учетных данных (Credential Security Support Provider protocol, CredSSP) операционной системы Windows, позволяющая нарушителю выполнять произвольные команды от имени легитимного пользователя

openSUSE-SU-2019:0325-1

suse-cvrf

около 6 лет назад

Security update for freerdp

openSUSE-SU-2019:0096-1

suse-cvrf

больше 6 лет назад

Security update for freerdp

EPSS

Процентиль: 100%

0.91311

Критический

7 High

CVSS3

7.6 High

CVSS2

Дефекты

CWE-287