Lucene search

[email protected]CVE-2017-0159

HistoryApr 12, 2017 - 2:59 p.m.

CVE-2017-0159

2017-04-1214:59:00

[email protected]

web.nvd.nist.gov

cve-2017-0159

security feature bypass

windows 10

windows server 2012 r2

windows 2016

adfs

extranet clients

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

3.7 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

5.7 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

57.5%

JSON

A security feature bypass vulnerability exists in Windows 10 1607, Windows Server 2012 R2, and Windows 2016 when ADFS incorrectly treats requests coming from Extranet clients as Intranet requests, aka “ADFS Security Feature Bypass Vulnerability.”

Affected configurations

Vulners

NVD

Node

microsoft_corporationwindows

CPENameOperatorVersion
microsoft:windows_10microsoft windows 10eq1607
microsoft:windows_10microsoft windows 10eq1703
microsoft:windows_server_2012microsoft windows server 2012eqr2
microsoft:windows_server_2016microsoft windows server 2016eq*

CPE	Name	Operator	Version
microsoft:windows_10	microsoft windows 10	eq	1607
microsoft:windows_10	microsoft windows 10	eq	1703
microsoft:windows_server_2012	microsoft windows server 2012	eq	r2
microsoft:windows_server_2016	microsoft windows server 2016	eq	*

CNA Affected

[
  {
    "product": "Windows",
    "vendor": "Microsoft Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "Windows 10 1607, Windows Server 2012 R2, and Windows 2016"
      }
    ]
  }
]