Tampering Vulnerability in Microsoft PowerShell for Various Windows Versions
CVE-2018-8415

7.8HIGH

Key Information:

Vendor
Microsoft
Status
Windows 7
Windows Server 2012 R2
Windows Rt 8.1
Windows Server 2012
Vendor
CVE Published:
14 November 2018

Summary

A tampering vulnerability in Microsoft PowerShell could allow attackers to execute unlogged code on affected systems, potentially compromising the integrity of the software environment. This issue affects multiple versions of Windows, including various Server editions and PowerShell Core, enabling malicious actors to exploit systems without detection.

Affected Version(s)

PowerShell Core 6.0

PowerShell Core 6.1

Windows 10 32-bit Systems

References

http://www.securitytracker.com/id/1042108
vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/105792
vdb-entryx_refsource_BID
https://portal.msrc.microsoft.com/en-US/security-guidance...
x_refsource_CONFIRM

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.