CVE-2018-8414

EUVD-2018-20051
A remote code execution vulnerability exists when the Windows Shell does not properly validate file paths, aka "Windows Shell Remote Code Execution Vulnerability." This affects Windows 10 Servers, Windows 10.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CISA-ADPADP
8.8 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 99%
Affected Products (NVD)
VendorProductVersion
microsoftwindows_10_1703
-
microsoftwindows_10_1703
-
microsoftwindows_10_1709
-
microsoftwindows_10_1709
-
microsoftwindows_10_1803
-
microsoftwindows_10_1803
-
microsoftwindows_server_1709
-
microsoftwindows_server_1803
-
𝑥
= Vulnerable software versions
Windows Releases
Platform
Version
Windows 10
1703 (x64, x86)
KB4343885
1709 (x64, x86)
KB4343897
1803 (x64, x86)
KB4343909
Windows Server
1709 Server Core
KB4343897
1803 Server Core
KB4343909
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/105016
http://www.securitytracker.com/id/1041458
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8414
http://www.securityfocus.com/bid/105016
http://www.securitytracker.com/id/1041458
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8414
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-8414