Remote Code Execution Vulnerability in Microsoft Hyper-V Network Switch
CVE-2017-0181

7.6HIGH

Key Information:

Vendor
Microsoft
Status
Windows Hyper-v
Vendor
CVE Published:
12 April 2017

Summary

A remote code execution vulnerability exists within the Windows Hyper-V Network Switch when it improperly validates input from authenticated users on guest operating systems. This flaw could allow an attacker with valid credentials to execute arbitrary code on the host server. The vulnerability highlights the importance of secure configurations and prompt updates to protect systems from potential exploit.

Affected Version(s)

Windows Hyper-V Windows 10 and Windows Server 2016

References

https://portal.msrc.microsoft.com/en-US/security-guidance...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/97445
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1038233
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
7.6
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
High
Privileges Required:
High
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.