CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
31.1%
In some circumstances, some operating systems or hypervisors may not expect or properly handle an Intel architecture hardware debug exception. The error appears to be due to developer interpretation of existing documentation for certain Intel architecture interrupt/exception instructions, namely MOV SS and POP SS.
CWE-703**: Improper Check or Handling of Exceptional Conditions -**CVE-2018-8897
The MOV SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, and single step trap exceptions until the instruction boundary following the next instruction (SDM Vol. 3A; section 6.8.3). (The inhibited data breakpoints are those on memory accessed by the MOV SS or POP SS instruction itself). Note that debug exceptions are not inhibited by the interrupt enable (EFLAGS.IF) system flag (SDM Vol 3A; section 2.3).
If the instruction following the MOV SS or POP SS instruction is an instruction like SYSCALL, SYSENTER, INT 3, etc. that transfers control to the operating system at Current Privilege Level (CPL) < 3, a debug exception is delivered after the transfer to CPL < 3 is complete. Such deferred #DB exceptions by MOV SS and POP SS may result in unexpected behavior.
Therefore, in certain circumstances after the use of certain Intel x86-64 architecture instructions, a debug exception pointing to data in a lower ring (for most operating systems, the kernel Ring 0 level) is made available to operating system components running in Ring 3. This may allow an attacker to utilize operating system APIs to gain access to sensitive memory information or control low-level operating system functions.
Several operating systems appear to incorrectly handle this exception due to interpretation of potentially unclear existing documentation and guidance on the use of these instructions.
More details can be found in the researcher’s paper.
An authenticated attacker may be able to read sensitive data in memory or control low-level operating system functions,
Apply an update
Check with your operating system or software vendor for updates to address this issue. There is no expected performance impact for applying an update. A list of affected vendors and currently-known updates is provided below.
631579
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Notified: May 01, 2018 Updated: May 08, 2018
Statement Date: May 08, 2018
Affected
We have not received a statement from the vendor.
Apple has released a Security Update 2018-001 to address this issue.
Notified: May 01, 2018 Updated: May 10, 2018
Statement Date: May 10, 2018
Affected
Check Point sees these as non-exploitable, taking our business logic and best practices into consideration.
See details at SecureKnowledge sk126534.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 01, 2018 Updated: May 01, 2018
Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: April 30, 2018 Updated: May 07, 2018
Statement Date: May 07, 2018
Affected
We have not received a statement from the vendor.
More information is available in the FreeBSD Security Advisory 18:06.
Updated: May 08, 2018
Statement Date: May 08, 2018
Affected
We have not received a statement from the vendor.
The issue was fixed upstream on March 23, with Linux “stable” branches was fixed shortly thereafter. Therefore the following kernels (or higher) contain the patch: 4.15.14, 4.14.31, 4.9.91, 4.4.125. The older 4.1, 3.16, and 3.2 branches are also affected.
Notified: May 01, 2018 Updated: May 01, 2018
Statement Date: May 01, 2018
Affected
The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 01, 2018 Updated: May 08, 2018
Statement Date: May 08, 2018
Affected
We have not received a statement from the vendor.
Red Hat Enterprise Linux is affected. Please see the security advisory for more information.
Notified: May 01, 2018 Updated: May 01, 2018
Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 01, 2018 Updated: May 08, 2018
Statement Date: May 08, 2018
Affected
We have not received a statement from the vendor.
Please see Ubuntu Security Notices USN-3641-1 and USN-3641-2 for more details.
Notified: May 01, 2018 Updated: May 07, 2018
Statement Date: May 07, 2018
Affected
We have not received a statement from the vendor.
VMware has issued a statement about this vulnerability report. Please see the statement for full details.
Notified: May 01, 2018 Updated: May 01, 2018
Statement Date: May 01, 2018
Affected
All versions of Xen are vulnerable. Only x86 systems are vulnerable. ARM systems are not vulnerable.
Only x86 PV guests can exploit the vulnerability. x86 HVM and PVH guests cannot exploit the vulnerability.
An attacker needs to be able to control hardware debugging facilities to exploit the vulnerability, but such permissions are typically available to unprivileged users.
Running only HVM or PVH guests avoids the vulnerability.
Note however that a compromised device model (running in dom0 or a stub domain) can carry out this attack, so users with HVM domains are also advised to patch their systems.
Applying the appropriate attached patch resolves this issue.
For the full statement, please see Xen Advisory 260.
Notified: May 01, 2018 Updated: May 30, 2018
Statement Date: May 27, 2018
Not Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 01, 2018 Updated: May 09, 2018
Statement Date: May 05, 2018
Not Affected
We have not received a statement from the vendor.
At this time, we are not aware of any Intel Products affected by CVE-2018-8897.
Notified: May 01, 2018 Updated: May 01, 2018
Not Affected
We have not received a statement from the vendor.
SmartOS does not allow access to the debug register outside of debug mode and so is not affected.
Notified: May 01, 2018 Updated: May 01, 2018
Not Affected
We have not received a statement from the vendor.
NetBSD does not support debug register and so is not affected.
Notified: May 01, 2018 Updated: May 08, 2018
Statement Date: May 08, 2018
Not Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 01, 2018 Updated: June 06, 2018
Statement Date: June 05, 2018
Not Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 01, 2018 Updated: May 21, 2018
Statement Date: May 14, 2018
Not Affected
No Zyxel products are vulnerable to unexpected operating system behavior resulting from an Intel architecture hardware debug exception, as reported in [CERT/CC] vulnerability note VU#631579 at <https://www.kb.cert.org/vuls/id/631579>.
Zyxel has issued Zyxel-SA-1135-01 stating that no products are affected.
Notified: May 01, 2018 Updated: May 08, 2018
Statement Date: May 08, 2018
Not Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 01, 2018 Updated: April 30, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 01, 2018 Updated: April 30, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 01, 2018 Updated: April 30, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 01, 2018 Updated: April 30, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 01, 2018 Updated: April 30, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 01, 2018 Updated: April 30, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 01, 2018 Updated: April 30, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 01, 2018 Updated: April 30, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 01, 2018 Updated: April 30, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 01, 2018 Updated: April 30, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 01, 2018 Updated: April 30, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 01, 2018 Updated: April 30, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 01, 2018 Updated: April 30, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 01, 2018 Updated: April 30, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 01, 2018 Updated: April 30, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 01, 2018 Updated: April 30, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 01, 2018 Updated: April 30, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 01, 2018 Updated: April 30, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 01, 2018 Updated: April 30, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 01, 2018 Updated: April 30, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 01, 2018 Updated: April 30, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 01, 2018 Updated: April 30, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 01, 2018 Updated: April 30, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 01, 2018 Updated: April 30, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 01, 2018 Updated: April 30, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 01, 2018 Updated: April 30, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 01, 2018 Updated: April 30, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 01, 2018 Updated: April 30, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 01, 2018 Updated: April 30, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 01, 2018 Updated: April 30, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 01, 2018 Updated: April 30, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 01, 2018 Updated: April 30, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 01, 2018 Updated: April 30, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 01, 2018 Updated: April 30, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 01, 2018 Updated: April 30, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 01, 2018 Updated: April 30, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 01, 2018 Updated: April 30, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 01, 2018 Updated: April 30, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 01, 2018 Updated: April 30, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 01, 2018 Updated: April 30, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 01, 2018 Updated: April 30, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 01, 2018 Updated: April 30, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 01, 2018 Updated: April 30, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 01, 2018 Updated: April 30, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 01, 2018 Updated: April 30, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 01, 2018 Updated: April 30, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 01, 2018 Updated: April 30, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 01, 2018 Updated: April 30, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 01, 2018 Updated: April 30, 2018
Unknown
We have not received a statement from the vendor.
Notified: May 01, 2018 Updated: April 30, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 01, 2018 Updated: April 30, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 01, 2018 Updated: April 30, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 01, 2018 Updated: April 30, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 01, 2018 Updated: April 30, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 01, 2018 Updated: April 30, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 01, 2018 Updated: April 30, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 01, 2018 Updated: April 30, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 01, 2018 Updated: April 30, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 01, 2018 Updated: April 30, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 01, 2018 Updated: April 30, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 01, 2018 Updated: April 30, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 01, 2018 Updated: April 30, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 01, 2018 Updated: April 30, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 01, 2018 Updated: April 30, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 01, 2018 Updated: April 30, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 01, 2018 Updated: April 30, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 01, 2018 Updated: April 30, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 01, 2018 Updated: April 30, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 01, 2018 Updated: April 30, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 01, 2018 Updated: April 30, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 01, 2018 Updated: April 30, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 01, 2018 Updated: April 30, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 01, 2018 Updated: April 30, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 01, 2018 Updated: April 30, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 01, 2018 Updated: April 30, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 01, 2018 Updated: April 30, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 01, 2018 Updated: May 07, 2018
Unknown
We have not received a statement from the vendor.
Oracle Solaris is not affected by CVE-2018-8897
.
Notified: May 01, 2018 Updated: April 30, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 01, 2018 Updated: April 30, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 01, 2018 Updated: April 30, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 01, 2018 Updated: April 30, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 01, 2018 Updated: April 30, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 01, 2018 Updated: April 30, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 01, 2018 Updated: April 30, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 01, 2018 Updated: April 30, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 01, 2018 Updated: April 30, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 01, 2018 Updated: April 30, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 01, 2018 Updated: April 30, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 01, 2018 Updated: April 30, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 01, 2018 Updated: April 30, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 01, 2018 Updated: April 30, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 01, 2018 Updated: April 30, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 01, 2018 Updated: April 30, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 01, 2018 Updated: April 30, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 01, 2018 Updated: April 30, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 01, 2018 Updated: April 30, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 01, 2018 Updated: April 30, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 01, 2018 Updated: April 30, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 01, 2018 Updated: April 30, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 01, 2018 Updated: April 30, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 01, 2018 Updated: April 30, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 01, 2018 Updated: April 30, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 01, 2018 Updated: April 30, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 01, 2018 Updated: April 30, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: May 01, 2018 Updated: April 30, 2018
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
View all 124 vendors __View less vendors __
Group | Score | Vector |
---|---|---|
Base | 6.8 | AV:N/AC:M/Au:N/C:P/I:P/A:P |
Temporal | 5.3 | E:POC/RL:OF/RC:C |
Environmental | 5.3 | CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND |
Microsoft and Intel credit Nick Peterson of Everdox Tech, LLC, for responsibly reporting this vulnerability and working with the group on coordinated disclosure. Andy Lutomirski is also credited for assistance in documenting the vulnerability for Linux.
This document was written by Garret Wassermann.
CVE IDs: | CVE-2018-8897 |
---|---|
Date Public: | 2018-05-08 Date First Published: |
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
31.1%