CVE-2018-8415

CWE-94Code Injection4 documents4 sources
Severity
7.8HIGH
EPSS
0.7%
top 27.09%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
12
Microsoft Powershell CoreMicrosoft Windows 10Microsoft Windows 10 Servers+9 more
Timeline
PublishedNov 14
Latest updateMay 14

Description

A tampering vulnerability exists in PowerShell that could allow an attacker to execute unlogged code, aka "Microsoft PowerShell Tampering Vulnerability." This affects Windows 7, PowerShell Core 6.1, Windows Server 2012 R2, Windows RT 8.1, PowerShell Core 6.0, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages14 packages

CVEListV5microsoft/windows_server_2012(Server Core installation)
CVEListV5microsoft/windows_server_2012_r2(Server Core installation)
CVEListV5microsoft/windows_10_serversversion 1709 (Server Core Installation), version 1803 (Server Core Installation)+1
CVEListV5microsoft/windows_server_2016(Server Core installation)
CVEListV5microsoft/windows_server_2019(Server Core installation)

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

2
GHSA
GHSA-69m5-86x3-v3m5: A tampering vulnerability exists in PowerShell that could allow an attacker to execute unlogged code, aka "Microsoft PowerShell Tampering Vulnerabilit2022-05-14
CVEList
CVE-2018-8415: A tampering vulnerability exists in PowerShell that could allow an attacker to execute unlogged code, aka "Microsoft PowerShell Tampering Vulnerabilit2018-11-14

📋Vendor Advisories

1
Microsoft
Microsoft PowerShell Tampering Vulnerability2018-11-13