CVE-2018-0828

MEDIUM

Description

Windows 10 version 1607 and Windows Server 2016 allow an elevation of privilege vulnerability due to how the MultiPoint management account password is stored, aka "Windows Elevation of Privilege Vulnerability".

References

http://www.securityfocus.com/bid/102935

http://www.securitytracker.com/id/1040373

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0828

Details

Source: MITRE

Published: 2018-02-15

Updated: 2018-03-14

Type: CWE-264

Risk Information

CVSS v2.0

Base Score: 4.6

Vector: (AV:L/AC:L/Au:N/C:P/I:P/A:P)

Impact Score: 6.4

Exploitability Score: 3.9

Severity: MEDIUM

CVSS v3.0

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 1.8

Severity: HIGH

Tenable Plugins

View all (1 total)

ID	Name	Product	Family	Severity
106796	KB4074590: Windows 10 Version 1607 and Windows Server 2016 February 2018 Security Update (Meltdown)(Spectre)	Nessus	Windows : Microsoft Bulletins	high