ByteOS Network

NVD Vulnerability Details :

CVE-2018-0886

Analyzed

Source-secure@microsoft.com

Published At-14 Mar, 2018 | 17:29

Updated At-13 Mar, 2019 | 13:45

The Credential Security Support Provider protocol (CredSSP) in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709 Windows Server 2016 and Windows Server, version 1709 allows a remote code execution vulnerability due to how CredSSP validates request during the authentication process, aka "CredSSP Remote Code Execution Vulnerability".

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.0	7.0	HIGH	CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary	2.0	7.6	HIGH	AV:N/AC:H/Au:N/C:C/I:C/A:C

Hyperlink	Source	Resource
http://www.securityfocus.com/bid/103265	secure@microsoft.com	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1040506	secure@microsoft.com	Third Party Advisory VDB Entry
https://blog.preempt.com/security-advisory-credssp	secure@microsoft.com	Exploit Third Party Advisory
https://github.com/preempt/credssp	secure@microsoft.com	Exploit Third Party Advisory
https://ics-cert.us-cert.gov/advisories/ICSA-18-198-03	secure@microsoft.com	Third Party Advisory US Government Resource
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0886	secure@microsoft.com	Patch Vendor Advisory
https://www.exploit-db.com/exploits/44453/	secure@microsoft.com	Exploit VDB Entry Third Party Advisory

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History