Lucene search

MicrosoftCVE-2017-8555

HistoryJun 15, 2017 - 1:29 a.m.

CVE-2017-8555

2017-06-1501:29:04

CWE-20

microsoft

web.nvd.nist.gov

microsoft

edge

windows 10

1703

content security policy

bypass

vulnerability

cve-2017-8555

nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

AI Score

4.7

Confidence

High

EPSS

0.003

Percentile

69.9%

JSON

Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to trick a user into loading a page with malicious content when the Edge Content Security Policy (CSP) fails to properly validate certain specially crafted documents, aka “Microsoft Edge Security Feature Bypass Vulnerability”. This CVE ID is unique from CVE-2017-8523 and CVE-2017-8530.

Affected configurations

Nvd

Vulners

Node

microsoftedge

AND

microsoftwindows_10Match1703

VendorProductVersionCPE
microsoftedge*cpe:2.3:a:microsoft:edge:*:*:*:*:*:*:*:*
microsoftwindows_101703cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
microsoft	edge	*	cpe:2.3:a:microsoft:edge::::::::
microsoft	windows_10	1703	cpe:2.3:o:microsoft:windows_10:1703:::::::*

CNA Affected

[
  {
    "product": "Microsoft Edge",
    "vendor": "Microsoft Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "Microsoft Windows 10 1703."
      }
    ]
  }
]