Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2018-0751Improper Privilege Management in Corporation Windows Kernel

CWE-269Improper Privilege ManagementCWE-732Incorrect Permission Assignment8 documents5 sources
Severity
7.8HIGHNVD
NVD7.1
EPSS
6.0%
top 9.32%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
20
Microsoft Corporation Windows KernelMicrosoft Windows 10Microsoft Windows Server 2012+17 more
Timeline
PublishedJan 4
Latest updateMay 13

Description

The Windows Kernel API in Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way the Kernel API enforces permissions, aka "Windows Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2018-0752.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:NExploitability: 1.8 | Impact: 5.2

Affected Packages19 packages

🔴Vulnerability Details

2
GHSA
GHSA-f7c8-ppgq-wfqr: The Windows Kernel API in Windows 82022-05-13
GHSA
GHSA-w8xm-xfv6-7g76: The Windows Kernel API in Windows 82022-05-13

💥Exploits & PoCs

1
Exploit-DB
Microsoft Windows - NtImpersonateAnonymousToken AC to Non-AC Privilege Escalation2018-01-11

📋Vendor Advisories

1
Microsoft
Windows Elevation of Privilege Vulnerability2018-01-09

🕵️Threat Intelligence

2
Talos
Microsoft Patch Tuesday - January 20182018-01-09
Talos
Microsoft Patch Tuesday - January 20182018-01-09
CVE-2018-0751 — Improper Privilege Management | cvebase