CVE-2018-8493

EUVD-2018-20123
An information disclosure vulnerability exists when the Windows TCP/IP stack improperly handles fragmented IP packets, aka "Windows TCP/IP Information Disclosure Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 93%
Affected Products (NVD)
VendorProductVersion
microsoftwindows_10_1507
-
microsoftwindows_10_1607
-
microsoftwindows_10_1703
-
microsoftwindows_10_1709
-
microsoftwindows_10_1803
-
microsoftwindows_8.1
-
microsoftwindows_8.1
-
microsoftwindows_8.1
-
microsoftwindows_server_1709
-
microsoftwindows_server_1803
-
microsoftwindows_server_2016
-
𝑥
= Vulnerable software versions
Windows Releases
Platform
Version
Windows 10
(x64, x86)
KB4462922
1607 (x64, x86)
KB4462917
1703 (x64, x86)
KB4462937
1709 (x64, x86)
KB4462918
1803 (x64, x86)
KB4462919
Windows 8.1
(x64, x86)
KB4462941
Windows RT 8.1
All
KB4462926
Windows Server
1709 Server Core
KB4462918
1803 Server Core
KB4462919
Windows Server 2012 R2
Server Core
KB4462941
Standard
KB4462941
Windows Server 2016
Server Core
KB4462917
Standard
KB4462917
References
http://www.securityfocus.com/bid/105456
http://www.securitytracker.com/id/1041843
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8493
http://www.securityfocus.com/bid/105456
http://www.securitytracker.com/id/1041843
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8493