Lucene search

[email protected]CVE-2017-0173

HistoryJun 15, 2017 - 1:29 a.m.

CVE-2017-0173

2017-06-1501:29:01

[email protected]

web.nvd.nist.gov

microsoft

windows

device guard

bypass

vulnerability

security feature

powershell

cve-2017-0173

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

5.3 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

5.2 Medium

AI Score

Confidence

High

0.946 High

EPSS

Percentile

99.3%

JSON

Microsoft Windows 10 1607 and Windows Server 2016 allow an attacker to exploit a security feature bypass vulnerability in Device Guard that could allow the attacker to inject malicious code into a Windows PowerShell session, aka “Device Guard Code Integrity Policy Security Feature Bypass Vulnerability.” This CVE ID is unique from CVE-2017-0215, CVE-2017-0216, CVE-2017-0218, and CVE-2017-0219.

Affected configurations

Vulners

NVD

Node

microsoft_corporationmicrosoft_windows

CPENameOperatorVersion
microsoft:windows_10microsoft windows 10eq1607
microsoft:windows_server_2016microsoft windows server 2016eq-

CPE	Name	Operator	Version
microsoft:windows_10	microsoft windows 10	eq	1607
microsoft:windows_server_2016	microsoft windows server 2016	eq	-

CNA Affected

[
  {
    "product": "Microsoft Windows",
    "vendor": "Microsoft Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "Microsoft Windows 10 1607 and Windows Server 2016."
      }
    ]
  }
]