Lucene search

MicrosoftCVE-2017-0215

HistoryJun 15, 2017 - 1:29 a.m.

CVE-2017-0215

2017-06-1501:29:01

CWE-668

microsoft

web.nvd.nist.gov

cve-2017-0215

microsoft windows

windows 10

windows server 2016

device guard

security

vulnerability

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS3

5.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

AI Score

5.2

Confidence

High

EPSS

0.937

Percentile

99.2%

JSON

Microsoft Windows 10 1607 and Windows Server 2016 allow an attacker to exploit a security feature bypass vulnerability in Device Guard that could allow the attacker to inject malicious code into a Windows PowerShell session, aka “Device Guard Code Integrity Policy Security Feature Bypass Vulnerability.” This CVE ID is unique from CVE-2017-0173, CVE-2017-0216, CVE-2017-0218, and CVE-2017-0219.

Affected configurations

Nvd

Vulners

Node

microsoftwindows_10Match1607

microsoftwindows_server_2016Match-

VendorProductVersionCPE
microsoftwindows_101607cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*
microsoftwindows_server_2016-cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
microsoft	windows_10	1607	cpe:2.3:o:microsoft:windows_10:1607:::::::*
microsoft	windows_server_2016	-	cpe:2.3:o:microsoft:windows_server_2016:-:::::::*

CNA Affected

[
  {
    "product": "Microsoft Windows",
    "vendor": "Microsoft Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "Microsoft Windows 10 1607 and Windows Server 2016."
      }
    ]
  }
]