CVE-2018-1039

MEDIUM

Description

A security feature bypass vulnerability exists in .Net Framework which could allow an attacker to bypass Device Guard, aka ".NET Framework Device Guard Security Feature Bypass Vulnerability." This affects Microsoft .NET Framework 4.7.1, Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft .NET Framework 4.7/4.7.1, Microsoft .NET Framework 3.0, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6.2/4.7/4.7.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1, Microsoft .NET Framework 2.0, Microsoft .NET Framework 4.6/4.6.1/4.6.2.

References

http://www.securityfocus.com/bid/104072

http://www.securitytracker.com/id/1040851

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1039

Details

Source: MITRE

Published: 2018-05-09

Updated: 2018-06-14

Type: CWE-254

Risk Information

CVSS v2.0

Base Score: 4.6

Vector: (AV:L/AC:L/Au:N/C:P/I:P/A:P)

Impact Score: 6.4

Exploitability Score: 3.9

Severity: MEDIUM

CVSS v3.0

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 1.8

Severity: HIGH