Vulnerability Details : CVE-2017-0159
A security feature bypass vulnerability exists in Windows 10 1607, Windows Server 2012 R2, and Windows 2016 when ADFS incorrectly treats requests coming from Extranet clients as Intranet requests, aka "ADFS Security Feature Bypass Vulnerability."
Products affected by CVE-2017-0159
- cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-0159
4.64%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 88 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-0159
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
8.6
|
2.9
|
NIST | |
|
3.7
|
LOW | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N |
2.2
|
1.4
|
NIST |
References for CVE-2017-0159
-
http://www.securitytracker.com/id/1038243
Microsoft Active Directory Lets Remote Users Bypass Security Restrictions on the Target System - SecurityTracker
-
http://www.securityfocus.com/bid/97449
Microsoft Windows ADFS CVE-2017-0159 Security Bypass VulnerabilityThird Party Advisory;VDB Entry
-
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0159
CVE-2017-0159 | ADFS Security Feature Bypass VulnerabilityPatch;Vendor Advisory
Jump to