Lucene search

K
mscveMicrosoftMS:CVE-2017-0099
HistoryMar 14, 2017 - 7:00 a.m.

Hyper-V Denial of Service Vulnerability

2017-03-1407:00:00
Microsoft
msrc.microsoft.com
14

5.4 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H

2.3 Low

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:A/AC:M/Au:S/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

19.9%

A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system. To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as a virtual machine, could run a specially crafted application that causes a host machine to crash.

To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as a virtual machine, could run a specially crafted application.

The security update addresses the vulnerability by preventing out-of-bound memory access.

5.4 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H

2.3 Low

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:A/AC:M/Au:S/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

19.9%