CVE-2017-11830

5.3MEDIUM

Key Information:

Vendor: Microsoft
Status: Device Guard
Vendor: CVE Published:; 15 November 2017

Summary

Device Guard in Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709 allows an attacker to make an unsigned file appear to be signed, due to a security feature bypass, aka "Device Guard Security Feature Bypass Vulnerability".

Affected Version(s)

Device Guard Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709.

References

https://www.exploit-db.com/exploits/43162/

exploitx_refsource_EXPLOIT-DB

http://www.securitytracker.com/id/1039790

vdb-entryx_refsource_SECTRACK

https://portal.msrc.microsoft.com/en-US/security-guidance...

x_refsource_CONFIRM

EPSS Score

77% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 15, 2017
Vulnerability Reserved
Jul 31, 2017

Collectors

NVD DatabaseMitre Database

.