Vulnerability Details : CVE-2018-0822
Potential exploit
NTFS in Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way NTFS handles objects, aka "Windows NTFS Global Reparse Point Elevation of Privilege Vulnerability".
Vulnerability category: Gain privilege
Products affected by CVE-2018-0822
- cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2016:1709:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-0822
0.72%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 70 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-0822
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
4.4
|
MEDIUM | AV:L/AC:M/Au:N/C:P/I:P/A:P |
3.4
|
6.4
|
NIST | |
|
7.0
|
HIGH | CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
1.0
|
5.9
|
NIST |
References for CVE-2018-0822
-
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0822
CVE-2018-0822 | Windows NTFS Global Reparse Point Elevation of Privilege VulnerabilityPatch;Vendor Advisory
-
http://www.securityfocus.com/bid/102942
Microsoft Windows CVE-2018-0822 Local Privilege Escalation VulnerabilityThird Party Advisory;VDB Entry
-
http://www.securitytracker.com/id/1040378
Windows NTFS Object Handling Error Lets Local Users Gain Elevated Privileges - SecurityTrackerThird Party Advisory;VDB Entry
-
https://www.exploit-db.com/exploits/44147/
Microsoft Windows - Global Reparse Point Security Feature Bypass/Elevation of PrivilegeExploit;Third Party Advisory;VDB Entry
Jump to