Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2018-0823 — Corporation Named Pipe File System vulnerability

6 documents5 sources

Severity

7.0HIGHNVD

EPSS

3.1%

top 13.23%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Microsoft Corporation Named Pipe File System Microsoft Windows 10 Microsoft Windows Server 2016 +3 more

Timeline

PublishedFeb 15

Latest updateMay 13

Description

The Named Pipe File System in Windows 10 version 1709 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way the Named Pipe File System handles objects, aka "Named Pipe File System Elevation of Privilege Vulnerability".

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.0 | Impact: 5.9

Affected Packages6 packages

▶CVEListV5microsoft_corporation/named_pipe_file_systemWindows 10 version 1709 and Windows Server, version 1709

▶msrcmsrc/windows_10_version_1709_for_32-bit_systems

▶msrcmsrc/windows_10_version_1709_for_x64-based_systems

▶msrcmsrc/windows_server_version_1709

▶NVDmicrosoft/windows1709

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-cp9c-27vj-p496: The Named Pipe File System in Windows 10 version 1709 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way t↗2022-05-13

▶

💥Exploits & PoCs

Exploit-DB

Microsoft Windows - NPFS Symlink Security Feature Bypass/Elevation of Privilege/Dangerous Behavior↗2018-02-20

▶

📋Vendor Advisories

Microsoft

Named Pipe File System Elevation of Privilege Vulnerability↗2018-02-13

▶

🕵️Threat Intelligence

Talos

Microsoft Patch Tuesday - February 2018↗2018-02-13

▶

Talos

Microsoft Patch Tuesday - February 2018↗2018-02-13

▶