Vulnerability Name: CVE-2017-0097 (CCN-122495) Assigned: 2016-09-09 Published: 2017-03-14 Updated: 2017-07-17 Summary: Hyper-V in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and 2008 R2; Windows 7 SP1; Windows 8.1; Windows Server 2012 and R2; Windows 10, 1511, and 1607; and Windows Server 2016 allows guest OS users, running as virtual machines, to cause a denial of service via a crafted application, aka "Hyper-V Denial of Service Vulnerability." This vulnerability is different from those described in CVE-2017-0098 , CVE-2017-0074 , CVE-2017-0076 , and CVE-2017-0099 . CVSS v3 Severity: 5.4 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H 4.7 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C Exploitability Metrics: Attack Vector (AV): AdjacentAttack Complexity (AC): HighPrivileges Required (PR): HighUser Interaction (UI): NoneScope: Scope (S): ChangedImpact Metrics: Confidentiality (C): NoneIntegrity (I): NoneAvailibility (A): High
6.8 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H 5.9 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): LowPrivileges Required (PR): HighUser Interaction (UI): NoneScope: Scope (S): ChangedImpact Metrics: Confidentiality (C): NoneIntegrity (I): NoneAvailibility (A): High
CVSS v2 Severity: 2.3 Low (CVSS v2 Vector: AV:A/AC:M/Au:S/C:N/I:N/A:P Exploitability Metrics: Access Vector (AV): Adjacent_NetworkAccess Complexity (AC): MediumAuthentication (Au): Single_InstanceImpact Metrics: Confidentiality (C): NoneIntegrity (I): NoneAvailibility (A): Partial
6.8 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): LowAthentication (Au): Single_InstanceImpact Metrics: Confidentiality (C): NoneIntegrity (I): NoneAvailibility (A): Complete
Vulnerability Type: CWE-20 Vulnerability Consequences: Denial of Service References: Source: MITRECVE-2017-0097 Security Update for Windows Hyper-V (4013082) 96639 Microsoft Windows Hyper-V CVE-2017-0097 Remote Denial of Service Vulnerability 1037999 ms-hyperv-cve20170097-dos(122495) https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0097 Vulnerable Configuration: Configuration 1 :cpe:/o:microsoft:windows_10:*:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_10:1511:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_10:1607:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_7:*:sp1:*:*:*:*:*:* OR cpe:/o:microsoft:windows_8.1:*:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2008:r2:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2012:*:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2016:*:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_vista:*:sp2:*:*:*:*:*:* Configuration CCN 1 :cpe:/o:microsoft:windows_10:*:*:*:*:*:*:x64:* OR cpe:/o:microsoft:windows_server_2016:*:*:*:*:*:*:*:* BACK
microsoft windows 10 *
microsoft windows 10 1511
microsoft windows 10 1607
microsoft windows 7 * sp1
microsoft windows 8.1 *
microsoft windows server 2008 * sp2
microsoft windows server 2008 r2
microsoft windows server 2012 *
microsoft windows server 2012 r2
microsoft windows server 2016 *
microsoft windows vista * sp2
microsoft windows 10 *
microsoft windows server 2016
Denotes that component is vulnerable