cbcvebase.
CVE-2018-8140
published 2018-06-14

CVE-2018-8140: An Elevation of Privilege vulnerability exists when Cortana retrieves data from user input services without consideration for status, aka "Cortana Elevation of…

PriorityP181medium6.8CVSS 3.0
AVPACLPRNUINSUCHIHAH
ITWVulnCheck KEVRansomware
Exploited in the wild
EPSS
1.64%
73.5th percentile
An Elevation of Privilege vulnerability exists when Cortana retrieves data from user input services without consideration for status, aka "Cortana Elevation of Privilege Vulnerability." This affects Windows 10 Servers, Windows 10.

Affected

15 ranges
VendorProductVersion rangeFixed in
microsoftwindows_10
microsoftwindows_10
microsoftwindows_10
microsoftwindows_10
microsoftwindows_10
microsoftwindows_10
microsoftwindows_10_servers
microsoftwindows_10_servers
microsoftwindows_server_2016
msrcwindows_10_version_1709_for_32-bit_systems
msrcwindows_10_version_1709_for_x64-based_systems
msrcwindows_10_version_1803_for_32-bit_systems
msrcwindows_10_version_1803_for_x64-based_systems
msrcwindows_server_version_1709
msrcwindows_server_version_1803

Detection & IOCsextracted from sources · hover to see the quote

  • Exploitation requires physical or console access to the target system with Cortana assistance enabled
  • Vulnerability is in Windows Shell component (Cortana) — monitor for elevated command execution originating from Cortana/shell input services on locked or restricted sessions
  • ·Vulnerability only applies to Windows 10 and Windows 10 Servers with Cortana assistance enabled; disabling Cortana mitigates exposure
  • ·Exploit status is publicly disclosed: No; Exploited: No — no known in-the-wild exploitation as of patch release

CVSS provenance

nvdv3.06.8MEDIUMCVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.04.6MEDIUMAV:L/AC:L/Au:N/C:P/I:P/A:P
vulncheck6.8MEDIUM
vendor_msrc6.8MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.