CVE-2018-8340 — Microsoft Windows 10 Servers vulnerability

4 documents4 sources

Severity

6.5MEDIUMNVD

EPSS

15.2%

top 5.38%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Windows 10 Servers Microsoft Windows Server 2012 R2 Microsoft Windows Server 2016 +1 more

Timeline

PublishedAug 15

Latest updateMay 13

Description

A security feature bypass vulnerability exists when Active Directory Federation Services (AD FS) improperly handles multi-factor authentication requests, aka "AD FS Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows Server 2012 R2, Windows 10 Servers.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages4 packages

▶CVEListV5microsoft/windows_10_serversversion 1709 (Server Core Installation), version 1803 (Server Core Installation)+1

▶CVEListV5microsoft/windows_server_2016(Server Core installation)

▶CVEListV5microsoft/windows_server_2012_r2(Server Core installation)

▶NVDmicrosoft/windowsr2, 1709, 1803+2

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-4rgc-rj2m-g9gr: A security feature bypass vulnerability exists when Active Directory Federation Services (AD FS) improperly handles multi-factor authentication reques↗2022-05-13

▶

CVEList

CVE-2018-8340: A security feature bypass vulnerability exists when Active Directory Federation Services (AD FS) improperly handles multi-factor authentication reques↗2018-08-15

▶

📋Vendor Advisories

Microsoft

ADFS Security Feature Bypass Vulnerability↗2018-08-14

▶