CVE-2018-0748 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.8 HIGH	LOCAL	LOW	LOW	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 91%

Affected Products (NVD)

Vendor	Product	Version
microsoft	windows_10	-
microsoft	windows_7	-
microsoft	windows_8.1	-
microsoft	windows_server_2008	-
microsoft	windows_server_2012	-
microsoft	windows_server_2016	-

𝑥

= Vulnerable software versions

Windows Releases

Platform

Version

Windows 10

(x64, x86)	KB4056893
1511 (x64, x86)	KB4056888
1607 (x64, x86)	KB4056890
1703 (x64, x86)	KB4056891
1709 (x64, x86)	KB4056892

Windows 7

Service Pack 1 (x64, x86)

Windows 8.1

(x64, x86)

Windows Server

1709 Server Core

Windows Server 2008

Service Pack 2 (x64, x86)	KB4056615
Service Pack 2 Server Core (x64, x86)	KB4056615

Windows Server 2008 R2

Service Pack 1 (x64)	KB4056897
Service Pack 1 Server Core (x64)	KB4056897

Windows Server 2012

Server Core	KB4056899
Standard	KB4056899

Windows Server 2012 R2

Server Core	KB4056898
Standard	KB4056898

Windows Server 2016

Server Core	KB4056890
Standard	KB4056890

Known Exploits!

Common Weakness Enumeration

CWE-269 - Improper Privilege Management
The software does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References

http://www.securityfocus.com/bid/102354

http://www.securitytracker.com/id/1040095

https://95cnsec.com/windows-kernel-cve-2018-0748-exploit.html

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0748

https://www.exploit-db.com/exploits/43514/

http://www.securityfocus.com/bid/102354

http://www.securitytracker.com/id/1040095

https://95cnsec.com/windows-kernel-cve-2018-0748-exploit.html

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0748

https://www.exploit-db.com/exploits/43514/