Vulnerability Details : CVE-2017-11782
The Microsoft Server Block Message (SMB) on Microsoft Windows 10 1607 and Windows Server 2016, allows an elevation of privilege vulnerability when an attacker sends specially crafted requests to the server, aka "Windows SMB Elevation of Privilege Vulnerability".
Vulnerability category: Input validation, Gain privilege
Products affected by CVE-2017-11782
- cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-11782
- EPSS score: 0.08% (probability of exploitation activity in the next 30 days)
- Percentile: ~35% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2017-11782
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.6 | MEDIUM | AV:L/AC:L/Au:N/C:P/I:P/A:P | 3.9 | 6.4 | NIST | |
7.8 | HIGH | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 | NIST | |
CWE ids for CVE-2017-11782
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-11782
- http://www.securitytracker.com/id/1039528
  Windows Server Message Block Multiple Flaws Let Remote Authenticated Users Execute Arbitrary Code and Obtain Potentially Sensitive Information, Remote Users Deny Service, and Local Users Gain Elevated
  Third Party Advisory; VDB Entry
- http://www.securityfocus.com/bid/101143
  Microsoft Windows SMB Server CVE-2017-11782 Remote Privilege Escalation Vulnerability
  Third Party Advisory; VDB Entry
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11782
  CVE-2017-11782 | Windows SMB Elevation of Privilege Vulnerability
  Patch; Vendor Advisory