Lucene search

[email protected]CVE-2018-8343

HistoryAug 15, 2018 - 5:29 p.m.

CVE-2018-8343

2018-08-1517:29:00

CWE-120

[email protected]

web.nvd.nist.gov

cve-2018-8343

elevation of privilege

ndis

windows

vulnerability

security

cve

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.7 High

AI Score

Confidence

High

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

28.8%

JSON

An elevation of privilege vulnerability exists in the Network Driver Interface Specification (NDIS) when ndis.sys fails to check the length of a buffer prior to copying memory to it, aka “Windows NDIS Elevation of Privilege Vulnerability.” This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8342.

VendorProductVersionCPE
microsoftwindows_732-bit Systems Service Pack 1cpe:2.3:o:microsoft:windows_7:32-bit Systems Service Pack 1:*:*:*:*:*:*:*
microsoftwindows_7x64-based Systems Service Pack 1cpe:2.3:o:microsoft:windows_7:x64-based Systems Service Pack 1:*:*:*:*:*:*:*
microsoftwindows_server_2012_r2(Server Core installation)cpe:2.3:o:microsoft:windows_server_2012_r2:(Server Core installation):*:*:*:*:*:*:*
microsoftwindows_rt_8.1Windows RT 8.1cpe:2.3:o:microsoft:windows_rt_8.1:Windows RT 8.1:*:*:*:*:*:*:*
microsoftwindows_server_2012(Server Core installation)cpe:2.3:o:microsoft:windows_server_2012:(Server Core installation):*:*:*:*:*:*:*
microsoftwindows_8.132-bit systemscpe:2.3:o:microsoft:windows_8.1:32-bit systems:*:*:*:*:*:*:*
microsoftwindows_8.1x64-based systemscpe:2.3:o:microsoft:windows_8.1:x64-based systems:*:*:*:*:*:*:*
microsoftwindows_server_2016(Server Core installation)cpe:2.3:o:microsoft:windows_server_2016:(Server Core installation):*:*:*:*:*:*:*
microsoftwindows_server_2008_r2Itanium-Based Systems Service Pack 1cpe:2.3:o:microsoft:windows_server_2008_r2:Itanium-Based Systems Service Pack 1:*:*:*:*:*:*:*
microsoftwindows_server_2008_r2x64-based Systems Service Pack 1cpe:2.3:o:microsoft:windows_server_2008_r2:x64-based Systems Service Pack 1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
microsoft	windows_7	32-bit Systems Service Pack 1	cpe:2.3:o:microsoft:windows_7:32-bit Systems Service Pack 1:::::::*
microsoft	windows_7	x64-based Systems Service Pack 1	cpe:2.3:o:microsoft:windows_7:x64-based Systems Service Pack 1:::::::*
microsoft	windows_server_2012_r2	(Server Core installation)	cpe:2.3:o:microsoft:windows_server_2012_r2:(Server Core installation):::::::*
microsoft	windows_rt_8.1	Windows RT 8.1	cpe:2.3:o:microsoft:windows_rt_8.1:Windows RT 8.1:::::::*
microsoft	windows_server_2012	(Server Core installation)	cpe:2.3:o:microsoft:windows_server_2012:(Server Core installation):::::::*
microsoft	windows_8.1	32-bit systems	cpe:2.3:o:microsoft:windows_8.1:32-bit systems:::::::*
microsoft	windows_8.1	x64-based systems	cpe:2.3:o:microsoft:windows_8.1:x64-based systems:::::::*
microsoft	windows_server_2016	(Server Core installation)	cpe:2.3:o:microsoft:windows_server_2016:(Server Core installation):::::::*
microsoft	windows_server_2008_r2	Itanium-Based Systems Service Pack 1	cpe:2.3:o:microsoft:windows_server_2008_r2:Itanium-Based Systems Service Pack 1:::::::*
microsoft	windows_server_2008_r2	x64-based Systems Service Pack 1	cpe:2.3:o:microsoft:windows_server_2008_r2:x64-based Systems Service Pack 1:::::::*