CVE-2018-0827 Details

CVE-2018-0827

Published: 2018-02-15
Last Modified: 2019-10-03
CVE Author: NIST National Vulnerability Database
CVE Assigner: cve@mitre.org
Summary

Windows Scripting Host (WSH) in Windows 10 versions 1703 and 1709 and Windows Server, version 1709 allows a Device Guard security feature bypass vulnerability due to the way objects are handled in memory, aka "Windows Security Feature Bypass Vulnerability".

Analysis
Common Vulnerability Score System v2.0
Severity Medium
Base Score 4.6/10
Exploit Score 3.9/10
Access Vector Local
Access Complexity Low
Authentication None
Impact Score 6.4/10
Confidentiality Impact Partial
Availability Impact Partial
Integrity Impact Partial
Vector String AV:L/AC:L/Au:N/C:P/I:P/A:P
Common Vulnerability Score System v3.1
Severity Medium
Base Score 5.3/10
Exploit Score 1.8/10
Access Vector Local
Access Complexity Low
Privileges Required Low
Impact Score 3.4/10
Confidentiality Impact Low
Availability Impact Low
Integrity Impact Low
Scope Unchanged
User Interaction None
Vector String CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Products Reported
CPE Vulnerable Start Excluding
cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:* Yes - -
cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:* Yes - -
cpe:2.3:o:microsoft:windows_server_2016:1709:*:*:*:*:*:*:* Yes - -
References

http://www.securityfocus.com/bid/102927
http://www.securitytracker.com/id/1040373
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0827

CVE ID
CVE-2018-0827
Published
2018-02-15
Modified
2019-10-03
CVSSv2.0
Medium
CVSSv3.1
Medium
PCI Compliance
Fail
US-CERT Alert
No
CWE
CWE Pending

You never have to pay for a vulnerability scanning and management software again.

Tired of paying a subscription 'per asset' or 'per IP'? Well you can officially cancel your current subscription. Mageni provides a free, open source and enterprise-ready vulnerability scanning and management platform which helps you to find, prioritize, remediate and manage your vulnerabilities.