Lucene search

MicrosoftCVE-2017-11782

HistoryOct 13, 2017 - 1:29 p.m.

CVE-2017-11782

2017-10-1313:29:00

CWE-20

microsoft

web.nvd.nist.gov

cve-2017-11782

microsoft

smb

elevation of privilege

windows 10

windows server 2016

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.5

Confidence

High

EPSS

0.001

Percentile

35.3%

JSON

The Microsoft Server Block Message (SMB) on Microsoft Windows 10 1607 and Windows Server 2016, allows an elevation of privilege vulnerability when an attacker sends specially crafted requests to the server, aka “Windows SMB Elevation of Privilege Vulnerability”.

Affected configurations

Nvd

Vulners

Node

microsoftwindows_10Match1607

microsoftwindows_server_2016

VendorProductVersionCPE
microsoftwindows_101607cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*
microsoftwindows_server_2016*cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
microsoft	windows_10	1607	cpe:2.3:o:microsoft:windows_10:1607:::::::*
microsoft	windows_server_2016	*	cpe:2.3:o:microsoft:windows_server_2016::::::::

CNA Affected

[
  {
    "product": "Server Block Message (SMB)",
    "vendor": "Microsoft Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "Microsoft Windows 10 1607 and Windows Server 2016"
      }
    ]
  }
]