ID CVE-2020-1243
Summary A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate specific malicious data from a user on a guest operating system.To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as a virtual machine, could run a specially crafted application.The security update addresses the vulnerability by resolving the conditions where Hyper-V would fail to handle these requests., aka 'Windows Hyper-V Denial of Service Vulnerability'.
References
Vulnerable Configurations
  • cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x64:*
    cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x64:*
  • cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:x64:*
    cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:x64:*
  • cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:x64:*
    cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:x64:*
  • cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x64:*
    cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x64:*
  • cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:x64:*
    cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:x64:*
  • cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:x64:*
    cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:x64:*
  • cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*
CVSS
Base: 4.6 (as of 21-10-2020 - 15:22)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:L/AC:L/Au:N/C:P/I:P/A:P
Last major update 21-10-2020 - 15:22
Published 16-10-2020 - 23:15
Last modified 21-10-2020 - 15:22
Back to Top