CVE-2018-0964 - Vulnerability Details - OpenCVE

An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Information Disclosure Vulnerability." This affects Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-0957.

No CVSS v4.0

No CVSS v3.1

Attack Vector Local

Attack Complexity High

Privileges Required High

Scope Changed

Confidentiality Impact High

Integrity Impact Low

Availability Impact None

User Interaction None

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Microsoft	Windows 10 Windows Server 2016

Configuration 1 [-]

OR	cpe:2.3:o:microsoft:windows_10:1703:::::::*
	cpe:2.3:o:microsoft:windows_10:1709:::::::*
	cpe:2.3:o:microsoft:windows_server_2016:1709:::::::*

No data.

References

Link	Providers
http://www.securityfocus.com/bid/103646
http://www.securitytracker.com/id/1040662
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0964

History

No history.

MITRE

Status: PUBLISHED

Assigner: microsoft

Published: 2018-04-12T01:00:00

Updated: 2024-08-05T03:44:11.911Z

Reserved: 2017-12-01T00:00:00

Link: CVE-2018-0964

Vulnrichment

No data.

NVD

Status : Modified

Published: 2018-04-12T01:29:06.550

Modified: 2024-11-21T03:39:19.067

Link: CVE-2018-0964

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Windows 10", "vendor": "Microsoft", "versions": [{"status": "affected", "version": "Version 1703 for x64-based Systems"}, {"status": "affected", "version": "Version 1709 for x64-based Systems"}]}, {"product": "Windows 10 Servers", "vendor": "Microsoft", "versions": [{"status": "affected", "version": "version 1709 (Server Core Installation)"}]}], "datePublic": "2018-04-11T00:00:00", "descriptions": [{"lang": "en", "value": "An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system, aka \"Hyper-V Information Disclosure Vulnerability.\" This affects Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-0957."}], "problemTypes": [{"descriptions": [{"description": "Information Disclosure", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-04-12T09:57:02", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft"}, "references": [{"name": "103646", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/103646"}, {"name": "1040662", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1040662"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0964"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@microsoft.com", "ID": "CVE-2018-0964", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Windows 10", "version": {"version_data": [{"version_value": "Version 1703 for x64-based Systems"}, {"version_value": "Version 1709 for x64-based Systems"}]}}, {"product_name": "Windows 10 Servers", "version": {"version_data": [{"version_value": "version 1709 (Server Core Installation)"}]}}]}, "vendor_name": "Microsoft"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system, aka \"Hyper-V Information Disclosure Vulnerability.\" This affects Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-0957."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Information Disclosure"}]}]}, "references": {"reference_data": [{"name": "103646", "refsource": "BID", "url": "http://www.securityfocus.com/bid/103646"}, {"name": "1040662", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1040662"}, {"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0964", "refsource": "CONFIRM", "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0964"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T03:44:11.911Z"}, "title": "CVE Program Container", "references": [{"name": "103646", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/103646"}, {"name": "1040662", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1040662"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0964"}]}]}, "cveMetadata": {"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2018-0964", "datePublished": "2018-04-12T01:00:00", "dateReserved": "2017-12-01T00:00:00", "dateUpdated": "2024-08-05T03:44:11.911Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", "matchCriteriaId": "AEE2E768-0F45-46E1-B6D7-087917109D98", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", "matchCriteriaId": "83B14968-3985-43C3-ACE5-8307196EFAE3", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2016:1709:*:*:*:*:*:*:*", "matchCriteriaId": "5B454BFE-D3AB-4CDC-B79B-F60EA3F57DBA", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system, aka \"Hyper-V Information Disclosure Vulnerability.\" This affects Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-0957."}, {"lang": "es", "value": "Existe una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n cuando Windows Hyper-V, en un sistema operativo host, valida incorrectamente entradas de un usuario autenticado en un sistema operativo invitado. Esto tambi\u00e9n se conoce como \"Hyper-V Information Disclosure Vulnerability\". Esto afecta a Windows 10 y Windows 10 Servers. El ID de este CVE es diferente de CVE-2018-0957."}], "id": "CVE-2018-0964", "lastModified": "2024-11-21T03:39:19.067", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 1.9, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 0.8, "impactScore": 4.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-04-12T01:29:06.550", "references": [{"source": "secure@microsoft.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/103646"}, {"source": "secure@microsoft.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1040662"}, {"source": "secure@microsoft.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0964"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/103646"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1040662"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0964"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}