Lucene search

[email protected]NVD:CVE-2018-0818

HistoryJan 10, 2018 - 1:29 a.m.

CVE-2018-0818

2018-01-1001:29:01

[email protected]

web.nvd.nist.gov

CVSS2

8.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:C/I:C/A:C

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

61.0%

JSON

Microsoft ChakraCore allows an attacker to bypass Control Flow Guard (CFG) in conjunction with another vulnerability to run arbitrary code on a target system, due to how the Chakra scripting engine handles accessing memory, aka “Scripting Engine Security Feature Bypass”.

Affected configurations

Nvd

Node

microsoftchakracoreMatch-

VendorProductVersionCPE
microsoftchakracore-cpe:2.3:a:microsoft:chakracore:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
microsoft	chakracore	-	cpe:2.3:a:microsoft:chakracore:-:::::::*

References

www.securityfocus.com/bid/102412

portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0818

CVSS2

8.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:C/I:C/A:C

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

61.0%

JSON

Related for NVD:CVE-2018-0818

osv1 cvelist1 prion1 mscve1 github1 cve1 kaspersky1 talosblog1 trendmicroblog1