Lucene search

[email protected]CVE-2017-0219

HistoryJun 15, 2017 - 1:29 a.m.

CVE-2017-0219

2017-06-1501:29:01

[email protected]

web.nvd.nist.gov

cve-2017-0219

microsoft

windows 10

windows server 2016

device guard

security vulnerability

nvd

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

5.3 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

5.3 Medium

AI Score

Confidence

High

0.946 High

EPSS

Percentile

99.3%

JSON

Microsoft Windows 10 Gold, Windows 10 1511, Windows 10 1607, and Windows Server 2016 allow an attacker to exploit a security feature bypass vulnerability in Device Guard that could allow the attacker to inject malicious code into a Windows PowerShell session, aka “Device Guard Code Integrity Policy Security Feature Bypass Vulnerability.” This CVE ID is unique from CVE-2017-0173, CVE-2017-0215, CVE-2017-0216, and CVE-2017-0218.

Affected configurations

Vulners

NVD

Node

microsoft_corporationmicrosoft_windows

CPENameOperatorVersion
microsoft:windows_10microsoft windows 10eq1511
microsoft:windows_10microsoft windows 10eq1607
microsoft:windows_server_2016microsoft windows server 2016eq-

CPE	Name	Operator	Version
microsoft:windows_10	microsoft windows 10	eq	1511
microsoft:windows_10	microsoft windows 10	eq	1607
microsoft:windows_server_2016	microsoft windows server 2016	eq	-

CNA Affected

[
  {
    "product": "Microsoft Windows",
    "vendor": "Microsoft Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "Microsoft Windows 10 Gold, Windows 10 1511, Windows 10 1607, and Windows Server 2016."
      }
    ]
  }
]