CVE-2018-0811 Details

CVE-2018-0811

Published: 2018-03-14
Last Modified: 2018-04-05
CVE Author: NIST National Vulnerability Database
CVE Assigner: cve@mitre.org
Summary

The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way objects are initialized in memory, aka "Windows Kernel Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0813, CVE-2018-0814, CVE-2018-0894, CVE-2018-0895, CVE-2018-0896, CVE-2018-0897, CVE-2018-0898, CVE-2018-0899, CVE-2018-0900, CVE-2018-0901 and CVE-2018-0926.

Analysis
Common Vulnerability Score System v2.0
Severity Low
Base Score 2.1/10
Exploit Score 3.9/10
Access Vector Local
Access Complexity Low
Authentication None
Impact Score 2.9/10
Confidentiality Impact Partial
Availability Impact None
Integrity Impact None
Vector String AV:L/AC:L/Au:N/C:P/I:N/A:N
Common Vulnerability Score System v3.1
Severity Medium
Base Score 5.5/10
Exploit Score 1.8/10
Access Vector Local
Access Complexity Low
Privileges Required Low
Impact Score 3.6/10
Confidentiality Impact High
Availability Impact None
Integrity Impact None
Scope Unchanged
User Interaction None
Vector String CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Products Reported
CPE Vulnerable Start Excluding
cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:* Yes - -
cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:* Yes - -
cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:* Yes - -
cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:* Yes - -
cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:* Yes - -
cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:* Yes - -
cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:* Yes - -
cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:* Yes - -
cpe:2.3:o:microsoft:windows_server:1709:*:*:*:*:*:*:* Yes - -
cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:* Yes - -
cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:* Yes - -
cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:*:* Yes - -
cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:* Yes - -
cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:* Yes - -
References

http://www.securityfocus.com/bid/103232
http://www.securitytracker.com/id/1040517
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0811

CVE ID
CVE-2018-0811
Published
2018-03-14
Modified
2018-04-05
CVSSv2.0
Low
CVSSv3.1
Medium
PCI Compliance
Fail
US-CERT Alert
No
CWE
CWE-200

You never have to pay for a vulnerability scanning and management software again.

Tired of paying a subscription 'per asset' or 'per IP'? Well you can officially cancel your current subscription. Mageni provides a free, open source and enterprise-ready vulnerability scanning and management platform which helps you to find, prioritize, remediate and manage your vulnerabilities.