Vulnerability Details : CVE-2017-0186

A denial of service vulnerability exists when Microsoft Hyper-V Network Switch running on a Windows 10, Windows 8.1, Windows Server 2012, Windows Server 2012 R2, or Windows Server 2016 host server fails to properly validate input from a privileged user on a guest operating system, aka "Hyper-V Denial of Service Vulnerability." This CVE ID is unique from CVE-2017-0178, CVE-2017-0179, CVE-2017-0182, CVE-2017-0183, CVE-2017-0184, and CVE-2017-0185.

Vulnerability category: Input validationDenial of service

Published 2017-04-12 14:59:01

Updated 2017-04-18 16:53:07

Source Microsoft Corporation

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2017-0186

Probability of exploitation activity in the next 30 days: 0.09%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 38 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2017-0186

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Source
6.3	MEDIUM	AV:N/AC:M/Au:S/C:N/I:N/A:C	6.8	6.9	nvd@nist.gov
Access Vector: Network Access Complexity: Medium Authentication: Single Confidentiality Impact: None Integrity Impact: None Availability Impact: Complete
5.8	MEDIUM	CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H	1.3	4.0	nvd@nist.gov
Attack Vector: Network Attack Complexity: High Privileges Required: High User Interaction: None Scope: Changed Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2017-0186

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2017-0186

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0186

CVE-2017-0186 - Security Update Guide - Microsoft - Windows Hyper-V Denial of Service Vulnerability
Mitigation;Patch;Vendor Advisory
http://www.securityfocus.com/bid/97438

Microsoft Windows Hyper-V CVE-2017-0186 Remote Denial of Service Vulnerability
Third Party Advisory;VDB Entry

Products affected by CVE-2017-0186

Microsoft » Windows Server 2012
cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2012 » Version: R2
cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows 8.1
cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows 10
cpe:2.3:o:microsoft:windows_10:*:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows 10 » Version: 1511
cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows 10 » Version: 1607
cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows 10 » Version: 1703
cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2016
cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*
Matching versions