Lucene search

MicrosoftCVE-2018-0833

HistoryFeb 15, 2018 - 2:29 a.m.

CVE-2018-0833

2018-02-1502:29:02

CWE-476

microsoft

web.nvd.nist.gov

cve-2018-0833

microsoft

smbv2

smbv3

windows 8.1

rt 8.1

windows server 2012 r2

denial of service

null dereference

vulnerability

CVSS2

6.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:N/I:N/A:C

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

5.1

Confidence

High

EPSS

0.025

Percentile

90.4%

JSON

The Microsoft Server Message Block 2.0 and 3.0 (SMBv2/SMBv3) client in Windows 8.1 and RT 8.1 and Windows Server 2012 R2 allows a denial of service vulnerability due to how specially crafted requests are handled, aka “SMBv2/SMBv3 Null Dereference Denial of Service Vulnerability”.

Affected configurations

Nvd

Vulners

Node

microsoftwindows_8.1Match-

microsoftwindows_rt_8.1Match-

microsoftwindows_server_2012Matchr2

VendorProductVersionCPE
microsoftwindows_8.1-cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*
microsoftwindows_rt_8.1-cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*
microsoftwindows_server_2012r2cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
microsoft	windows_8.1	-	cpe:2.3:o:microsoft:windows_8.1:-:::::::*
microsoft	windows_rt_8.1	-	cpe:2.3:o:microsoft:windows_rt_8.1:-:::::::*
microsoft	windows_server_2012	r2	cpe:2.3:o:microsoft:windows_server_2012:r2:::::::*

CNA Affected

[
  {
    "product": "Server Message Block",
    "vendor": "Microsoft Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "Windows 8.1 and RT 8.1 and Windows Server 2012 R2"
      }
    ]
  }
]