CVE-2017-0169 - OpenCVE

An information disclosure vulnerability exists when Windows Hyper-V running on a Windows 8.1, Windows Server 2012. or Windows Server 2012 R2 host operating system fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Information Disclosure Vulnerability." This CVE ID is unique from CVE-2017-0168.

No CVSS v3.1

Attack Vector Adjacent Network

Attack Complexity High

Privileges Required High

Scope Changed

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Adjacent Network

Access Complexity Medium

Authentication Single

Confidentiality Impact Complete

Integrity Impact None

Availability Impact None

AV:A/AC:M/Au:S/C:C/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Microsoft	Windows 8.1 Windows Server 2012

Configuration 1 [-]

OR	cpe:2.3:o:microsoft:windows_8.1::::::::
	cpe:2.3:o:microsoft:windows_server_2012::::::::
	cpe:2.3:o:microsoft:windows_server_2012:r2:::::::*

References

Link	Resource
http://www.securityfocus.com/bid/97459	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1038232
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0169	Mitigation Patch Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: microsoft

Published: 2017-04-12T14:00:00

Updated: 2017-07-10T09:57:01

Reserved: 2016-09-09T00:00:00

Link: CVE-2017-0169

JSON object: View

NVD Information

Status : Modified

Published: 2017-04-12T14:59:00.623

Modified: 2017-07-11T01:33:25.173

Link: CVE-2017-0169

JSON object: View

Redhat Information

No data.

CWE

CWE-20

{"containers": {"cna": {"affected": [{"product": "Windows Hyper-V", "vendor": "Microsoft Corporation", "versions": [{"status": "affected", "version": "Windows 8.1, Windows Server 2012, and Windows Server 2012 R2"}]}], "datePublic": "2017-04-11T00:00:00", "descriptions": [{"lang": "en", "value": "An information disclosure vulnerability exists when Windows Hyper-V running on a Windows 8.1, Windows Server 2012. or Windows Server 2012 R2 host operating system fails to properly validate input from an authenticated user on a guest operating system, aka \"Hyper-V Information Disclosure Vulnerability.\" This CVE ID is unique from CVE-2017-0168."}], "problemTypes": [{"descriptions": [{"description": "Information Disclosure", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-10T09:57:01", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0169"}, {"name": "97459", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/97459"}, {"name": "1038232", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1038232"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@microsoft.com", "ID": "CVE-2017-0169", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Windows Hyper-V", "version": {"version_data": [{"version_value": "Windows 8.1, Windows Server 2012, and Windows Server 2012 R2"}]}}]}, "vendor_name": "Microsoft Corporation"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An information disclosure vulnerability exists when Windows Hyper-V running on a Windows 8.1, Windows Server 2012. or Windows Server 2012 R2 host operating system fails to properly validate input from an authenticated user on a guest operating system, aka \"Hyper-V Information Disclosure Vulnerability.\" This CVE ID is unique from CVE-2017-0168."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Information Disclosure"}]}]}, "references": {"reference_data": [{"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0169", "refsource": "CONFIRM", "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0169"}, {"name": "97459", "refsource": "BID", "url": "http://www.securityfocus.com/bid/97459"}, {"name": "1038232", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038232"}]}}}}, "cveMetadata": {"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2017-0169", "datePublished": "2017-04-12T14:00:00", "dateReserved": "2016-09-09T00:00:00", "dateUpdated": "2017-07-10T09:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*", "matchCriteriaId": "A7F51B5F-AA19-4D31-89FA-6DFAC4BA8F0F", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:*:*", "matchCriteriaId": "80EB5690-B20F-457A-A202-FBADAA17E05C", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An information disclosure vulnerability exists when Windows Hyper-V running on a Windows 8.1, Windows Server 2012. or Windows Server 2012 R2 host operating system fails to properly validate input from an authenticated user on a guest operating system, aka \"Hyper-V Information Disclosure Vulnerability.\" This CVE ID is unique from CVE-2017-0168."}, {"lang": "es", "value": "Existe una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n cuando Windows Hyper-V que se ejecuta en un sistema operativo anfitri\u00f3n de Windows 8.1, Windows Server 2012 o Windows Server 2012 R2, no valida adecuadamente la entrada de un usuario autenticado en un sistema operativo invitado, vulnerabilidad tambi\u00e9n conocida como \"Hyper-V Information Disclosure Vulnerabilidad\". Este CVE ID es exclusivo de CVE-2017-0168."}], "id": "CVE-2017-0169", "lastModified": "2017-07-11T01:33:25.173", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "ADJACENT_NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 5.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "NONE", "vectorString": "AV:A/AC:M/Au:S/C:C/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 4.4, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 1.0, "impactScore": 4.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-04-12T14:59:00.623", "references": [{"source": "secure@microsoft.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/97459"}, {"source": "secure@microsoft.com", "url": "http://www.securitytracker.com/id/1038232"}, {"source": "secure@microsoft.com", "tags": ["Mitigation", "Patch", "Vendor Advisory"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0169"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}