CVE-2018-0957

Опубликовано: 12 апр. 2018

Источник: nvd

CVSS3: 5.3

CVSS2: 1.9

EPSS Низкий

Описание

An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Information Disclosure Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-0964.

Ссылки

http://www.securityfocus.com/bid/103628
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1040662
Third Party Advisory
VDB Entry
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0957
Patch
Vendor Advisory
http://www.securityfocus.com/bid/103628
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1040662
Third Party Advisory
VDB Entry
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0957
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2016:1709:*:*:*:*:*:*:*

EPSS

Процентиль: 63%

0.00451

Низкий

5.3 Medium

CVSS3

1.9 Low

CVSS2

Дефекты

CWE-20

Связанные уязвимости

CVE-2018-0957

CVSS3: 7.2

msrc

около 7 лет назад

Windows Hyper-V Information Disclosure Vulnerability

GHSA-g69x-6vh2-x277