Vulnerability Name: CVE-2018-8438 (CCN-149045) Assigned: 2018-09-11 Published: 2018-09-11 Updated: 2018-11-02 Summary: A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system, aka "Windows Hyper-V Denial of Service Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8436 , CVE-2018-8437 . CVSS v3 Severity: 6.8 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H 5.9 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): LowPrivileges Required (PR): HighUser Interaction (UI): NoneScope: Scope (S): ChangedImpact Metrics: Confidentiality (C): NoneIntegrity (I): NoneAvailibility (A): High
5.8 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H 5.1 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): HighPrivileges Required (PR): HighUser Interaction (UI): NoneScope: Scope (S): ChangedImpact Metrics: Confidentiality (C): NoneIntegrity (I): NoneAvailibility (A): High
CVSS v2 Severity: 6.8 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): LowAuthentication (Au): Single_InstanceImpact Metrics: Confidentiality (C): NoneIntegrity (I): NoneAvailibility (A): Complete
4.9 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:S/C:N/I:N/A:C Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): HighAthentication (Au): Single_InstanceImpact Metrics: Confidentiality (C): NoneIntegrity (I): NoneAvailibility (A): Complete
Vulnerability Type: CWE-20 Vulnerability Consequences: Denial of Service References: Source: MITRECVE-2018-8438 105249 Microsoft Windows Hyper-V CVE-2018-8438 Remote Denial of Service Vulnerability 1041624 ms-windows-cve20188438-dos(149045) Windows Hyper-V Denial of Service Vulnerability https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8438 Vulnerable Configuration: Configuration 1 :cpe:/o:microsoft:windows_10:-:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_10:1607:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_10:1709:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_10:1803:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_8.1:-:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_8.1:-:*:*:*:rt:*:*:* OR cpe:/o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2016:-:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2016:1709:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:* Configuration CCN 1 :cpe:/o:microsoft:windows_8.1:-:-:-:*:-:-:x32:* OR cpe:/o:microsoft:windows_8.1:-:*:*:*:*:*:x64:* OR cpe:/o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_rt_8.1:*:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_10:-:*:*:*:*:*:x32:* OR cpe:/o:microsoft:windows_10_1507:-:*:*:*:*:*:x64:* OR cpe:/o:microsoft:windows_server_2016:*:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_server:1709:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_server:1803:*:*:*:*:*:*:* BACK
microsoft windows 10 -
microsoft windows 10 1607
microsoft windows 10 1709
microsoft windows 10 1803
microsoft windows 8.1 -
microsoft windows 8.1 -
microsoft windows server 2012 r2
microsoft windows server 2016 -
microsoft windows server 2016 1709
microsoft windows server 2016 1803
microsoft windows 8.1 - -
microsoft windows 8.1 -
microsoft windows server 2012 r2
microsoft windows rt 8.1 *
microsoft windows 10 -
microsoft windows 10 -
microsoft windows server 2016
microsoft windows server 1709
microsoft windows server 1803
Denotes that component is vulnerable