Vulnerability Details : CVE-2018-8167
An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory, aka "Windows Common Log File System Driver Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
Vulnerability category: Gain privilege
Products affected by CVE-2018-8167
- cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2016:1709:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-8167
0.06%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 23 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-8167
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.4
|
MEDIUM | AV:L/AC:M/Au:N/C:P/I:P/A:P |
3.4
|
6.4
|
NIST | |
7.0
|
HIGH | CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
1.0
|
5.9
|
NIST |
CWE ids for CVE-2018-8167
-
The product does not release or incorrectly releases a resource before it is made available for re-use.Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-8167
-
http://www.securityfocus.com/bid/104063
Microsoft Windows Common Log File System CVE-2018-8167 Local Privilege Escalation VulnerabilityThird Party Advisory;VDB Entry
-
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8167
CVE-2018-8167 | Windows Common Log File System Driver Elevation of Privilege VulnerabilityPatch;Vendor Advisory
Jump to