Vulnerability Name: CVE-2018-8320 (CCN-150376) Assigned: 2018-10-09 Published: 2018-10-09 Updated: 2019-10-03 Summary: A security feature bypass vulnerability exists in DNS Global Blocklist feature, aka "Windows DNS Security Feature Bypass Vulnerability." This affects Windows Server 2012 R2, Windows Server 2008, Windows Server 2012, Windows Server 2019, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. CVSS v3 Severity: 4.3 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 3.8 Low (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): LowPrivileges Required (PR): LowUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): LowIntegrity (I): NoneAvailibility (A): None
4.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 3.8 Low (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): LowPrivileges Required (PR): LowUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): LowIntegrity (I): NoneAvailibility (A): None
CVSS v2 Severity: 4.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): LowAuthentication (Au): Single_InstanceImpact Metrics: Confidentiality (C): PartialIntegrity (I): NoneAvailibility (A): None
4.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): LowAthentication (Au): Single_InstanceImpact Metrics: Confidentiality (C): PartialIntegrity (I): NoneAvailibility (A): None
Vulnerability Type: CWE-noinfo Vulnerability Consequences: Bypass Security References: Source: MITRECVE-2018-8320 105503 Microsoft Windows DNS CVE-2018-8320 Security Bypass Vulnerability 1041830 ms-dns-cve20188320-sec-bypass(150376) Windows DNS Security Feature Bypass Vulnerability https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8320 Vulnerable Configuration: Configuration 1 :cpe:/o:microsoft:windows_10:1607:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_10:1709:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_10:1803:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_10:1809:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2008:-:sp1:*:*:*:*:itanium:* OR cpe:/o:microsoft:windows_server_2008:-:sp1:*:*:*:*:x64:* OR cpe:/o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2012:-:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2016:-:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_server_1709:-:*:*:*:*:*:x64:* OR cpe:/o:microsoft:windows_server_1803:-:*:*:*:*:*:x64:* OR cpe:/o:microsoft:windows_server_2019:-:*:*:*:*:*:*:* Configuration CCN 1 :cpe:/o:microsoft:windows_server_2008:*:sp2:*:*:*:*:x32:* OR cpe:/o:microsoft:windows_server_2008:*:sp2:*:*:*:*:x64:* OR cpe:/o:microsoft:windows_server_2008:*:sp2:*:*:*:*:itanium:* OR cpe:/o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:* OR cpe:/o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:* OR cpe:/o:microsoft:windows_server_2012:*:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_10:-:*:*:*:*:*:x32:* OR cpe:/o:microsoft:windows_10:*:*:*:*:*:*:x64:* OR cpe:/o:microsoft:windows_server_2016:*:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_server:1709:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_server:1803:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2019:*:*:*:*:*:*:*:* BACK
microsoft windows 10 1607
microsoft windows 10 1709
microsoft windows 10 1803
microsoft windows 10 1809
microsoft windows server 2008 - sp1
microsoft windows server 2008 - sp1
microsoft windows server 2008 - sp2
microsoft windows server 2012 -
microsoft windows server 2012 r2
microsoft windows server 2016 -
microsoft windows server 2016 1709
microsoft windows server 2016 1803
microsoft windows server 2019 -
microsoft windows server 2008 sp2
microsoft windows server 2008 sp2
microsoft windows server 2008
microsoft windows server 2008 r2
microsoft windows server 2008 r2
microsoft windows server 2012
microsoft windows server 2012 r2
microsoft windows 10 -
microsoft windows 10 *
microsoft windows server 2016
microsoft windows server 1709
microsoft windows server 1803
microsoft windows server 2019
Denotes that component is vulnerable