CVE-2018-8417

Description

A security feature bypass vulnerability exists in Microsoft JScript that could allow an attacker to bypass Device Guard, aka "Microsoft JScript Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10 Servers.

Related CPE's

omicrosoftwindows_101607*******

omicrosoftwindows_server_2016-*******

omicrosoftwindows_101703*******

omicrosoftwindows_10-*******

omicrosoftwindows_101709*******

omicrosoftwindows_server_20161709*******

omicrosoftwindows_101803*******

omicrosoftwindows_server_20161803*******

omicrosoftwindows_server_2019-*******

omicrosoftwindows_101809*******

References

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8417

PatchVendor Advisory

1042120

Third Party AdvisoryVDB Entry

105795

Third Party AdvisoryVDB Entry

CvssV3 impact

BaseSeverity

MEDIUM

ConfidentialityImpact

LOW

AttackComplexity

LOW

Scope

UNCHANGED

AttackVector

LOCAL

AvailabilityImpact

LOW

IntegrityImpact

LOW

PrivilegesRequired

LOW

BaseScore

5.3

VectorString

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Version

3.0

UserInteraction

NONE

CvssV2 impact

Version

2.0

VectorString

AV:L/AC:L/Au:N/C:P/I:P/A:P

AccessVector

LOCAL

AccessComplexity

LOW

Authentication

NONE

ConfidentialityImpact

PARTIAL

IntegrityImpact

PARTIAL

AvailabilityImpact

PARTIAL

BaseScore

4.599999904632568

Created by Yello
About Severity.io