CVE-2018-0886
Description
The Credential Security Support Provider protocol (CredSSP) in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709 allows remote code execution due to how CredSSP validates requests during the authentication process, aka "CredSSP Remote Code Execution Vulnerability".
Risk Information
Base Score: 7.1 MODERATE
Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
EPSS Score (Exploitation Probability): 91.354
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Internet Explorer Information Disclosure Vulnerability for Windows 8.1 for x86-based Systems (KB4088876) | Windows |
| Internet Explorer Information Disclosure Vulnerability for Windows 8.1 for x64-based Systems (KB4088876) | Windows |
| Internet Explorer Information Disclosure Vulnerability for Windows Server 2012 R2 for x64-based Systems (KB4088876) | Windows |
| Internet Explorer Information Disclosure Vulnerability for Windows Server 2012 for x64-based Systems (KB4088877) | Windows |
| Windows Shell Remote Code Execution Vulnerability for Windows 8.1 for x86-based Systems (KB4088879) | Windows |
| Windows Shell Remote Code Execution Vulnerability for Windows 8.1 for x64-based Systems (KB4088879) | Windows |
| Windows Shell Remote Code Execution Vulnerability for Windows Server 2012 R2 for x64-based Systems (KB4088879) | Windows |
| Windows Shell Remote Code Execution Vulnerability for Windows Server 2012 for x64-based Systems (KB4088880) | Windows |
| Internet Explorer Information Disclosure Vulnerability for Windows 10 Version 1511 for x86-based Systems (KB4088779) - Cumulative | Windows |
| Internet Explorer Information Disclosure Vulnerability for Windows 10 Version 1511 for x64-based Systems (KB4088779) - Cumulative | Windows |
| Internet Explorer Information Disclosure Vulnerability for Windows 10 Version 1607 for x86-based Systems (KB4088787) - Cumulative | Windows |
| Internet Explorer Information Disclosure Vulnerability for Windows 10 Version 1607 for x64-based Systems (KB4088787) - Cumulative | Windows |
| Internet Explorer Information Disclosure Vulnerability for Windows 10 Version 1607 for x86-based Systems (KB4088787) - Delta | Windows |
| Internet Explorer Information Disclosure Vulnerability for Windows 10 Version 1607 for x64-based Systems (KB4088787) - Delta | Windows |
| Internet Explorer Information Disclosure Vulnerability for Windows Server 2016 for x64-based Systems (KB4088787) - Cumulative | Windows |
| Internet Explorer Information Disclosure Vulnerability for Windows Server 2016 for x64-based Systems (KB4088787) - Delta | Windows |
| Microsoft Browser Information Disclosure Vulnerability for Windows 10 Version 1607 for x64-based Systems (KB4103723) - Cumulative | Windows |
| Microsoft Edge Information Disclosure Vulnerability for Windows 10 Version 1709 for x64-based Systems (KB4103727) - Cumulative | Windows |
| Microsoft Edge Information Disclosure Vulnerability for Windows 10 Version 1709 for x64-based Systems (KB4103727) - Delta | Windows |
| Microsoft Edge Information Disclosure Vulnerability for Windows 10 Version 1709 for x86-based Systems (KB4103727) - Cumulative | Windows |
| Microsoft Edge Information Disclosure Vulnerability for Windows 10 Version 1709 for x86-based Systems (KB4103727) - Delta | Windows |
| Microsoft Browser Information Disclosure Vulnerability for Windows Server 2016 (1803) for x64-based Systems (KB4103721) - Cumulative | Windows |
| Microsoft Browser Information Disclosure Vulnerability for Windows 10 Version 1803 for x64-based Systems (KB4103721) - Cumulative | Windows |
| Microsoft Browser Information Disclosure Vulnerability for Windows 10 Version 1703 for x64-based Systems (KB4103731) - Cumulative | Windows |
| Microsoft Browser Information Disclosure Vulnerability for Windows 10 Version 1703 for x64-based Systems (KB4103731) - Delta | Windows |
| Microsoft Browser Information Disclosure Vulnerability for Windows 10 Version 1703 for x86-based Systems (KB4103731) - Cumulative | Windows |
| Microsoft Browser Information Disclosure Vulnerability for Windows 10 Version 1703 for x86-based Systems (KB4103731) - Delta | Windows |
| Microsoft Browser Information Disclosure Vulnerability for Windows Server 2016 for x64-based Systems (KB4103723) - Cumulative | Windows |
| Microsoft Browser Information Disclosure Vulnerability for Windows 10 Version 1607 for x64-based Systems (KB4103723) - Delta | Windows |
| Microsoft Browser Information Disclosure Vulnerability for Windows Server 2016 for x64-based Systems (KB4103723) - Delta | Windows |
| Microsoft Browser Information Disclosure Vulnerability for Windows 10 Version 1607 for x86-based Systems (KB4103723) - Cumulative | Windows |
| Microsoft Browser Information Disclosure Vulnerability for Windows 10 Version 1607 for x86-based Systems (KB4103723) - Delta | Windows |
| Microsoft Browser Information Disclosure Vulnerability for Windows 10 Version 1507 for x64-based Systems (KB4103716) - Cumulative | Windows |
| Microsoft Browser Information Disclosure Vulnerability for Windows Server 2008 R2 for x64-based Systems (KB4103718) | Windows |
| Microsoft Browser Information Disclosure Vulnerability for Windows 7 for x64-based Systems (KB4103718) | Windows |
| Microsoft Browser Information Disclosure Vulnerability for Windows 7 for x86-based Systems (KB4103718) | Windows |
| Microsoft Browser Information Disclosure Vulnerability for Windows Server 2012 R2 for x64-based Systems (KB4103725) | Windows |
| Microsoft Browser Information Disclosure Vulnerability for Windows 8.1 for x64-based Systems (KB4103725) | Windows |
| Microsoft Browser Information Disclosure Vulnerability for Windows 8.1 for x86-based Systems (KB4103725) | Windows |
| Microsoft Windows Information Disclosure Vulnerability for Windows Server 2012 for x64-based Systems (KB4103730) | Windows |
| Microsoft Windows Information Disclosure Vulnerability for Windows Server 2008 R2 for x64-based Systems (KB4103712) | Windows |
| Microsoft Windows Information Disclosure Vulnerability for Windows 7 for x64-based Systems (KB4103712) | Windows |
| Microsoft Windows Information Disclosure Vulnerability for Windows 7 for x86-based Systems (KB4103712) | Windows |
| Microsoft Windows Information Disclosure Vulnerability for Windows Server 2012 R2 for x64-based Systems (KB4103715) | Windows |
| Microsoft Windows Information Disclosure Vulnerability for Windows 8.1 for x64-based Systems (KB4103715) | Windows |
| Microsoft Windows Information Disclosure Vulnerability for Windows 8.1 for x86-based Systems (KB4103715) | Windows |
| Microsoft Windows Information Disclosure Vulnerability for Windows Server 2012 for x64-based Systems (KB4103726) | Windows |
| Microsoft Edge Information Disclosure Vulnerability for Windows Server 2016 (1709) for x64-based Systems (KB4103727) - Cumulative | Windows |
| Microsoft Edge Information Disclosure Vulnerability for Windows Server 2016 (1709) for x64-based Systems (KB4103727) - Delta | Windows |
| Microsoft Browser Information Disclosure Vulnerability for Windows 10 Version 1507 for x86-based Systems (KB4103716) - Cumulative | Windows |
| Microsoft Browser Information Disclosure Vulnerability for Windows 10 Version 1803 for x86-based Systems (KB4103721) - Cumulative | Windows |
| CredSSP Remote Code Execution Vulnerability for Windows Server 2008 for x86-based Systems (KB4056564) | Windows |
| CredSSP Remote Code Execution Vulnerability for Windows Server 2008 for x64-based Systems (KB4056564) | Windows |
| SUSE-SU-2019:0134-1 (SUSE Linux Enterprise Desktop 12-SP3) freerdp-2.0.0~git.1463131968.4e66df7-12.8.1.x86_64.rpm | Linux |
| SUSE-SU-2019:0134-1 (SUSE Linux Enterprise Desktop 12-SP4) freerdp-debuginfo-2.0.0~git.1463131968.4e66df7-12.8.1.x86_64.rpm | Linux |
| SUSE-SU-2019:0134-1 (SUSE Linux Enterprise Desktop 12-SP4) freerdp-debugsource-2.0.0~git.1463131968.4e66df7-12.8.1.x86_64.rpm | Linux |
| SUSE-SU-2019:0134-1 (SUSE Linux Enterprise Desktop 12-SP4) libfreerdp2-2.0.0~git.1463131968.4e66df7-12.8.1.x86_64.rpm | Linux |
| SUSE-SU-2019:0134-1 (SUSE Linux Enterprise Desktop 12-SP4) libfreerdp2-debuginfo-2.0.0~git.1463131968.4e66df7-12.8.1.x86_64.rpm | Linux |
Patch Details
Patches provided by ManageEngine for this CVE:
| Patch ID | Patch Description |
|---|---|
| PATCH-24072 | 2018-03 Security Monthly Quality Rollup for Windows 8.1 for x86-based Systems (KB4088876) |
| PATCH-24073 | 2018-03 Security Monthly Quality Rollup for Windows 8.1 for x64-based Systems (KB4088876) |
| PATCH-24074 | 2018-03 Security Monthly Quality Rollup for Windows Server 2012 R2 for x64-based Systems (KB4088876) |
| PATCH-24075 | 2018-03 Security Monthly Quality Rollup for Windows Server 2012 for x64-based Systems (KB4088877) |
| PATCH-24079 | 2018-03 Security Only Quality Update for Windows 8.1 for x86-based Systems (KB4088879) |
| PATCH-24080 | 2018-03 Security Only Quality Update for Windows 8.1 for x64-based Systems (KB4088879) |
| PATCH-24081 | 2018-03 Security Only Quality Update for Windows Server 2012 R2 for x64-based Systems (KB4088879) |
| PATCH-24082 | 2018-03 Security Only Quality Update for Windows Server 2012 for x64-based Systems (KB4088880) |
| PATCH-24088 | 2018-03 Cumulative Update for Windows 10 Version 1511 for x86-based Systems (KB4088779) |
| PATCH-24089 | 2018-03 Cumulative Update for Windows 10 Version 1511 for x64-based Systems (KB4088779) |
| PATCH-24090 | 2018-03 Cumulative Update for Windows 10 Version 1607 for x86-based Systems (KB4088787) |
| PATCH-24091 | 2018-03 Cumulative Update for Windows 10 Version 1607 for x64-based Systems (KB4088787) |
| PATCH-24092 | 2018-03 Delta Update for Windows 10 Version 1607 for x86-based Systems (KB4088787) |
| PATCH-24093 | 2018-03 Delta Update for Windows 10 Version 1607 for x64-based Systems (KB4088787) |
| PATCH-24094 | 2018-03 Cumulative Update for Windows Server 2016 for x64-based Systems (KB4088787) |
| PATCH-24095 | 2018-03 Delta Update for Windows Server 2016 for x64-based Systems (KB4088787) |
| PATCH-24422 | 2018-05 Cumulative Update for Windows 10 Version 1607 for x64-based Systems (KB4103723) |
| PATCH-24432 | 2018-05 Cumulative Update for Windows 10 Version 1709 for x64-based Systems (KB4103727) |
| PATCH-24431 | 2018-05 Delta Update for Windows 10 Version 1709 for x64-based Systems (KB4103727) |
| PATCH-24430 | 2018-05 Cumulative Update for Windows 10 Version 1709 for x86-based Systems (KB4103727) |
| PATCH-24429 | 2018-05 Delta Update for Windows 10 Version 1709 for x86-based Systems (KB4103727) |
| PATCH-24434 | 2018-05 Cumulative Update for Windows Server 2016 (1803) for x64-based Systems (KB4103721) |
| PATCH-24433 | 2018-05 Cumulative Update for Windows 10 Version 1803 for x64-based Systems (KB4103721) |
| PATCH-24417 | 2018-05 Cumulative Update for Windows Server 2016 for x64-based Systems (KB4103723) |
| PATCH-24421 | 2018-05 Delta Update for Windows 10 Version 1607 for x64-based Systems (KB4103723) |
| PATCH-24418 | 2018-05 Delta Update for Windows Server 2016 for x64-based Systems (KB4103723) |
| PATCH-24420 | 2018-05 Cumulative Update for Windows 10 Version 1607 for x86-based Systems (KB4103723) |
| PATCH-24419 | 2018-05 Delta Update for Windows 10 Version 1607 for x86-based Systems (KB4103723) |
| PATCH-24423 | 2018-05 Cumulative Update for Windows 10 Version 1507 for x64-based Systems (KB4103716) |
| PATCH-24463 | 2018-05 Security Monthly Quality Rollup for Windows Server 2008 R2 for x64-based Systems (KB4103718) |
| PATCH-24462 | 2018-05 Security Monthly Quality Rollup for Windows 7 for x64-based Systems (KB4103718) |
| PATCH-24461 | 2018-05 Security Monthly Quality Rollup for Windows 7 for x86-based Systems (KB4103718) |
| PATCH-24466 | 2018-05 Security Monthly Quality Rollup for Windows Server 2012 R2 for x64-based Systems (KB4103725) |
| PATCH-24464 | 2018-05 Security Monthly Quality Rollup for Windows 8.1 for x64-based Systems (KB4103725) |
| PATCH-24465 | 2018-05 Security Monthly Quality Rollup for Windows 8.1 for x86-based Systems (KB4103725) |
| PATCH-24467 | 2018-05 Security Monthly Quality Rollup for Windows Server 2012 for x64-based Systems (KB4103730) |
| PATCH-24455 | 2018-05 Security Only Quality Update for Windows Server 2008 R2 for x64-based Systems (KB4103712) |
| PATCH-24456 | 2018-05 Security Only Quality Update for Windows 7 for x64-based Systems (KB4103712) |
| PATCH-24454 | 2018-05 Security Only Quality Update for Windows 7 for x86-based Systems (KB4103712) |
| PATCH-24459 | 2018-05 Security Only Quality Update for Windows Server 2012 R2 for x64-based Systems (KB4103715) |
| PATCH-24458 | 2018-05 Security Only Quality Update for Windows 8.1 for x64-based Systems (KB4103715) |
| PATCH-24457 | 2018-05 Security Only Quality Update for Windows 8.1 for x86-based Systems (KB4103715) |
| PATCH-24460 | 2018-05 Security Only Quality Update for Windows Server 2012 for x64-based Systems (KB4103726) |
| PATCH-24655 | 2018-05 Cumulative Update for Windows Server 2016 (1709) for x64-based Systems (KB4103727) |
| PATCH-24656 | 2018-05 Delta Update for Windows Server 2016 (1709) for x64-based Systems (KB4103727) |
| PATCH-24424 | 2018-05 Cumulative Update for Windows 10 Version 1507 for x86-based Systems (KB4103716) |
| PATCH-24435 | 2018-05 Cumulative Update for Windows 10 Version 1803 for x86-based Systems (KB4103721) |
| PATCH-24116 | 2018-03 Security Update for Windows Server 2008 for x86-based Systems (KB4056564) |
| PATCH-24117 | 2018-03 Security Update for Windows Server 2008 for x64-based Systems (KB4056564) |