CVE-2018-8476 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft Windows 10 Servers
Severity
9.8CRITICALNVD
EPSS
63.8%
top 1.57%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedNov 14
Latest updateMay 13
Description
A remote code execution vulnerability exists in the way that Windows Deployment Services TFTP Server handles objects in memory, aka "Windows Deployment Services TFTP Server Remote Code Execution Vulnerability." This affects Windows Server 2012 R2, Windows Server 2008, Windows Server 2012, Windows Server 2019, Windows Server 2016, Windows Server 2008 R2, Windows 10 Servers.
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9
Affected Packages8 packages
▶CVEListV5microsoft/windows_server_2008_r2Itanium-Based Systems Service Pack 1, x64-based Systems Service Pack 1, x64-based Systems Service Pack 1 (Server Core installation)+2
Patches
🔴Vulnerability Details
2GHSA▶
GHSA-qwwf-66q6-w688: A remote code execution vulnerability exists in the way that Windows Deployment Services TFTP Server handles objects in memory, aka "Windows Deploymen↗2022-05-13
CVEList▶
CVE-2018-8476: A remote code execution vulnerability exists in the way that Windows Deployment Services TFTP Server handles objects in memory, aka "Windows Deploymen↗2018-11-14