Lucene search

K
huaweiHuawei TechnologiesHUAWEI-SA-20171220-02-WINDOWS
HistoryDec 20, 2017 - 12:00 a.m.

Security Advisory - Remote Code Execution Vulnerability in Windows DNSAPI

2017-12-2000:00:00
Huawei Technologies
www.huawei.com
34
microsoft
security advisory
remote code execution
vulnerability
windows dnsapi
unauthenticated attacker
malicious dns server
corrupted dns responses
arbitrary code
local system account
cve-2017-11779
huawei
software updates

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.9

Confidence

High

EPSS

0.506

Percentile

97.6%

Microsoft released a security advisory to disclose a remote code execution vulnerability in Windows Domain Name System (DNS) DNSAPI.dll. An unauthenticated, remote attacker would use a malicious DNS server to send corrupted DNS responses to the target. The attacker could exploit the vulnerability to run arbitrary code in the context of the Local System Account. (Vulnerability ID: HWPSIRT-2017-10073)

This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2017-11779.

Huawei has released software updates to fix this vulnerability. This advisory is available at the following link:

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171220-02-windows-en

Affected configurations

Vulners
Node
huawein2000_appliance_firmwareMatchv100r001c00
OR
huaweiespace_firmwareMatchv200r001c50
OR
huaweiespace_firmwareMatchv200r001c50
OR
huaweiespace_firmwareMatchv200r001c50
OR
huaweiespace_firmwareMatchv200r001c50
OR
huaweiespace_firmwareMatchv200r001c50
VendorProductVersionCPE
huawein2000_appliance_firmwarev100r001c00cpe:2.3:a:huawei:n2000_appliance_firmware:v100r001c00:*:*:*:*:*:*:*
huaweiespace_firmwarev200r001c50cpe:2.3:o:huawei:espace_firmware:v200r001c50:*:*:*:*:*:*:*

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.9

Confidence

High

EPSS

0.506

Percentile

97.6%