CVE-2017-0185 : A denial of service vulnerability exists when Microsoft Hyper-V Network Switch r

A denial of service vulnerability exists when Microsoft Hyper-V Network Switch running on a Windows 10, Windows 8.1, Windows Server 2012, Windows Server 2012 R2, or Windows Server 2016 host server fails to properly validate input from a privileged user on a guest operating system, aka "Hyper-V Denial of Service Vulnerability." This CVE ID is unique from CVE-2017-0178, CVE-2017-0179, CVE-2017-0182, CVE-2017-0183, CVE-2017-0184, and CVE-2017-0186.

Published 2017-04-12 14:59:01

Updated 2017-07-11 01:33:25

Source Microsoft Corporation

View at NVD, CVE.org

Vulnerability category: Input validationDenial of service

Products affected by CVE-2017-0185

Microsoft » Windows Server 2012
cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2012 » Version: R2
cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows 8.1
cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows 10
cpe:2.3:o:microsoft:windows_10:*:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows 10 » Version: 1511
cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows 10 » Version: 1607
cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows 10 » Version: 1703
cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2016
cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2017-0185

EPSS FAQ

0.67%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 69 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2017-0185

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
6.3	MEDIUM	AV:N/AC:M/Au:S/C:N/I:N/A:C	6.8	6.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: Single Confidentiality Impact: None Integrity Impact: None Availability Impact: Complete
5.8	MEDIUM	CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H	1.3	4.0	NIST
Attack Vector: Network Attack Complexity: High Privileges Required: High User Interaction: None Scope: Changed Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2017-0185

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2017-0185

http://www.securitytracker.com/id/1038230

Microsoft Hyper-V Input Validation Flaw Lets Local Users on a Guest System Cause Denial of Service Conditions on the Host System - SecurityTracker
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0185

CVE-2017-0185 - Security Update Guide - Microsoft - Windows Hyper-V Denial of Service Vulnerability
Mitigation;Patch;Vendor Advisory
http://www.securityfocus.com/bid/97437

Microsoft Windows Hyper-V CVE-2017-0185 Remote Denial of Service Vulnerability
Third Party Advisory;VDB Entry

Jump to

Vulnerability Details : CVE-2017-0185

Products affected by CVE-2017-0185

Exploit prediction scoring system (EPSS) score for CVE-2017-0185

CVSS scores for CVE-2017-0185

CWE ids for CVE-2017-0185

References for CVE-2017-0185