CVE-2017-0168 - OpenCVE

An information disclosure vulnerability exists when the Windows Hyper-V Network Switch running on a Windows 8.1, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, or Windows Server 2012 R2 host operating system fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Information Disclosure Vulnerability." This CVE ID is unique from CVE-2017-0169.

No CVSS v3.1

Attack Vector Network

Attack Complexity High

Privileges Required High

Scope Changed

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact Complete

Integrity Impact None

Availability Impact None

AV:N/AC:M/Au:S/C:C/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Microsoft	Windows 8.1 Windows Server 2012 Windows Server 2008

Configuration 1 [-]

OR	cpe:2.3:o:microsoft:windows_8.1::::::::
	cpe:2.3:o:microsoft:windows_server_2008::sp2::::::*
	cpe:2.3:o:microsoft:windows_server_2008:r2:sp1::::::
	cpe:2.3:o:microsoft:windows_server_2012::::::::
	cpe:2.3:o:microsoft:windows_server_2012:r2:::::::*

References

Link	Resource
http://www.securityfocus.com/bid/97418	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1038232
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0168	Mitigation Patch Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: microsoft

Published: 2017-04-12T14:00:00

Updated: 2017-07-10T09:57:01

Reserved: 2016-09-09T00:00:00

Link: CVE-2017-0168

JSON object: View

NVD Information

Status : Modified

Published: 2017-04-12T14:59:00.593

Modified: 2017-07-11T01:33:25.127

Link: CVE-2017-0168

JSON object: View

Redhat Information

No data.

CWE

CWE-200

{"containers": {"cna": {"affected": [{"product": "Windows Hyper-V", "vendor": "Microsoft Corporation", "versions": [{"status": "affected", "version": "Windows 8.1, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2"}]}], "datePublic": "2017-04-11T00:00:00", "descriptions": [{"lang": "en", "value": "An information disclosure vulnerability exists when the Windows Hyper-V Network Switch running on a Windows 8.1, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, or Windows Server 2012 R2 host operating system fails to properly validate input from an authenticated user on a guest operating system, aka \"Hyper-V Information Disclosure Vulnerability.\" This CVE ID is unique from CVE-2017-0169."}], "problemTypes": [{"descriptions": [{"description": "Information Disclosure", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-10T09:57:01", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft"}, "references": [{"name": "1038232", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1038232"}, {"name": "97418", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/97418"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0168"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@microsoft.com", "ID": "CVE-2017-0168", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Windows Hyper-V", "version": {"version_data": [{"version_value": "Windows 8.1, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2"}]}}]}, "vendor_name": "Microsoft Corporation"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An information disclosure vulnerability exists when the Windows Hyper-V Network Switch running on a Windows 8.1, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, or Windows Server 2012 R2 host operating system fails to properly validate input from an authenticated user on a guest operating system, aka \"Hyper-V Information Disclosure Vulnerability.\" This CVE ID is unique from CVE-2017-0169."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Information Disclosure"}]}]}, "references": {"reference_data": [{"name": "1038232", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038232"}, {"name": "97418", "refsource": "BID", "url": "http://www.securityfocus.com/bid/97418"}, {"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0168", "refsource": "CONFIRM", "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0168"}]}}}}, "cveMetadata": {"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2017-0168", "datePublished": "2017-04-12T14:00:00", "dateReserved": "2016-09-09T00:00:00", "dateUpdated": "2017-07-10T09:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*", "matchCriteriaId": "A7F51B5F-AA19-4D31-89FA-6DFAC4BA8F0F", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:*", "matchCriteriaId": "0C28897B-044A-447B-AD76-6397F8190177", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*", "matchCriteriaId": "2ACA9287-B475-4AF7-A4DA-A7143CEF9E57", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:*:*", "matchCriteriaId": "80EB5690-B20F-457A-A202-FBADAA17E05C", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An information disclosure vulnerability exists when the Windows Hyper-V Network Switch running on a Windows 8.1, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, or Windows Server 2012 R2 host operating system fails to properly validate input from an authenticated user on a guest operating system, aka \"Hyper-V Information Disclosure Vulnerability.\" This CVE ID is unique from CVE-2017-0169."}, {"lang": "es", "value": "Existe una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n cuando el Windows Hyper-V Network Switch que se ejecuta en un sistema operativo anfitri\u00f3n Windows 8.1, Windows Server 2008, Windows Server 2008 R2 o Windows Server 2012 R2, no valida adecuadamente la entrada de un usuario autenticado en un sistema operativo invitado, vulnerabilidad tambi\u00e9n conocida como \"Hyper-V Information Disclosure Vulnerability\". Este CVE ID es exclusivo de CVE-2017-0169."}], "id": "CVE-2017-0168", "lastModified": "2017-07-11T01:33:25.127", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 6.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:S/C:C/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 1.3, "impactScore": 4.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-04-12T14:59:00.593", "references": [{"source": "secure@microsoft.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/97418"}, {"source": "secure@microsoft.com", "url": "http://www.securitytracker.com/id/1038232"}, {"source": "secure@microsoft.com", "tags": ["Mitigation", "Patch", "Vendor Advisory"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0168"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}