CVE-2017-0182Improper Input Validation in Corporation Hyper-v

CWE-20Improper Input Validation15 documents3 sources
Severity
5.8MEDIUMNVD
NVD5.4
EPSS
0.4%
top 40.04%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
13
Microsoft Corporation Hyper-vMicrosoft Windows 10Microsoft Windows Server 2008+10 more
Timeline
PublishedApr 12
Latest updateMay 17

Description

A denial of service vulnerability exists when Microsoft Hyper-V Network Switch running on a Windows 10, Windows Server 2008 R2, Windows 8.1, Windows Server 2012 R2, or Windows Server 2016 host server fails to properly validate input from a privileged user on a guest operating system, aka "Hyper-V Denial of Service Vulnerability." This CVE ID is unique from CVE-2017-0178, CVE-2017-0179, CVE-2017-0183, CVE-2017-0184, CVE-2017-0185, and CVE-2017-0186.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:HExploitability: 1.3 | Impact: 4.0

Affected Packages12 packages

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

7
GHSA
GHSA-pg3w-h29g-j5vv: A denial of service vulnerability exists when Microsoft Hyper-V running on Windows 10, Windows 10 1511, Windows 10 1607, Windows 82022-05-17
GHSA
GHSA-584v-594r-2crm: A denial of service vulnerability exists when Microsoft Hyper-V running on a Windows 10, Windows 82022-05-17
GHSA
GHSA-2hjc-v6h4-434p: A denial of service vulnerability exists when Microsoft Hyper-V Network Switch running on a Windows 10, Windows Server 2008 R2, Windows 82022-05-17
GHSA
GHSA-4849-x279-v4q2: A denial of service vulnerability exists when Microsoft Hyper-V Network Switch running on a Windows 10, Windows 82022-05-17
GHSA
GHSA-283j-fp4h-g37g: A denial of service vulnerability exists when Microsoft Hyper-V Network Switch running on a Windows 10, Windows Server 2008 R2, Windows 82022-05-17

📋Vendor Advisories

1
Microsoft
Windows Hyper-V Denial of Service Vulnerability2017-04-11