Vulnerability Details : CVE-2018-0957
An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Information Disclosure Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-0964.
Vulnerability category: Input validationInformation leak
Products affected by CVE-2018-0957
- cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2016:1709:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-0957
0.70%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 80 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-0957
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
1.9
|
LOW | AV:L/AC:M/Au:N/C:P/I:N/A:N |
3.4
|
2.9
|
NIST | |
5.3
|
MEDIUM | CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N |
0.8
|
4.0
|
NIST |
CWE ids for CVE-2018-0957
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-0957
-
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0957
CVE-2018-0957 | Windows Hyper-V Information Disclosure VulnerabilityPatch;Vendor Advisory
-
http://www.securityfocus.com/bid/103628
Microsoft Windows Hyper-V CVE-2018-0957 Information Disclosure VulnerabilityThird Party Advisory;VDB Entry
-
http://www.securitytracker.com/id/1040662
Microsoft Hyper-V Input Validation Flaw Lets Local Guest Users Obtain Potentially Sensitive Host System Memory Information - SecurityTrackerThird Party Advisory;VDB Entry
Jump to