CVE-2017-8712 — Sensitive Information Exposure in Corporation Windows Hyper-v
Severity
5.3MEDIUMNVD
EPSS
3.2%
top 12.98%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedSep 13
Latest updateMay 17
Description
The Windows Hyper-V component on Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an information disclosure vulnerability when it fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8707, CVE-2017-8711, CVE-2017-8706, and CVE-2017-8713.
CVSS vector
CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:NExploitability: 0.8 | Impact: 4.0
Affected Packages6 packages
▶CVEListV5microsoft_corporation/windows_hyper-vMicrosoft Windows 8.1, Windows Server 2012 Gold and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016
Patches
🔴Vulnerability Details
5GHSA▶
GHSA-pgrg-8fhr-7vx5: The Windows Hyper-V component on Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerabili↗2022-05-17
GHSA▶
GHSA-4j97-wvjp-h3gq: The Windows Hyper-V component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 8↗2022-05-17
GHSA▶
GHSA-h3g9-rw58-vgq2: The Windows Hyper-V component on Microsoft Windows 10 1607 and Windows Server 2016 allows an information disclosure vulnerability when it fails to pro↗2022-05-17
GHSA▶
GHSA-jpwm-6fvr-35jv: The Windows Hyper-V component on Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an information disclosure vulnerability when it fails↗2022-05-17