OpenCVE

An information disclosure vulnerability exists when Windows Hyper-V running on a Windows 8.1, Windows Server 2012. or Windows Server 2012 R2 host operating system fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Information Disclosure Vulnerability." This CVE ID is unique from CVE-2017-0168.

No CVSS v4.0

No CVSS v3.1

Attack Vector Adjacent Network

Attack Complexity High

Privileges Required High

Scope Changed

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Adjacent Network

Access Complexity Medium

Authentication Single

Confidentiality Impact Complete

Integrity Impact None

Availability Impact None

AV:A/AC:M/Au:S/C:C/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Microsoft	Windows 8.1 Windows Server 2012

Configuration 1 [-]

OR	cpe:2.3:o:microsoft:windows_8.1::::::::
	cpe:2.3:o:microsoft:windows_server_2012::::::::
	cpe:2.3:o:microsoft:windows_server_2012:r2:::::::*

No data.

References

Link	Providers
http://www.securityfocus.com/bid/97459
http://www.securitytracker.com/id/1038232
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0169

History

No history.

MITRE

Status: PUBLISHED

Assigner: microsoft

Published: 2017-04-12T14:00:00

Updated: 2024-08-05T12:55:19.222Z

Reserved: 2016-09-09T00:00:00

Link: CVE-2017-0169

Vulnrichment

No data.

NVD

Status : Modified

Published: 2017-04-12T14:59:00.623

Modified: 2024-11-21T03:02:29.253

Link: CVE-2017-0169

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Windows Hyper-V", "vendor": "Microsoft Corporation", "versions": [{"status": "affected", "version": "Windows 8.1, Windows Server 2012, and Windows Server 2012 R2"}]}], "datePublic": "2017-04-11T00:00:00", "descriptions": [{"lang": "en", "value": "An information disclosure vulnerability exists when Windows Hyper-V running on a Windows 8.1, Windows Server 2012. or Windows Server 2012 R2 host operating system fails to properly validate input from an authenticated user on a guest operating system, aka \"Hyper-V Information Disclosure Vulnerability.\" This CVE ID is unique from CVE-2017-0168."}], "problemTypes": [{"descriptions": [{"description": "Information Disclosure", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-10T09:57:01", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0169"}, {"name": "97459", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/97459"}, {"name": "1038232", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1038232"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@microsoft.com", "ID": "CVE-2017-0169", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Windows Hyper-V", "version": {"version_data": [{"version_value": "Windows 8.1, Windows Server 2012, and Windows Server 2012 R2"}]}}]}, "vendor_name": "Microsoft Corporation"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An information disclosure vulnerability exists when Windows Hyper-V running on a Windows 8.1, Windows Server 2012. or Windows Server 2012 R2 host operating system fails to properly validate input from an authenticated user on a guest operating system, aka \"Hyper-V Information Disclosure Vulnerability.\" This CVE ID is unique from CVE-2017-0168."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Information Disclosure"}]}]}, "references": {"reference_data": [{"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0169", "refsource": "CONFIRM", "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0169"}, {"name": "97459", "refsource": "BID", "url": "http://www.securityfocus.com/bid/97459"}, {"name": "1038232", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038232"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T12:55:19.222Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0169"}, {"name": "97459", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/97459"}, {"name": "1038232", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1038232"}]}]}, "cveMetadata": {"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2017-0169", "datePublished": "2017-04-12T14:00:00", "dateReserved": "2016-09-09T00:00:00", "dateUpdated": "2024-08-05T12:55:19.222Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*", "matchCriteriaId": "A7F51B5F-AA19-4D31-89FA-6DFAC4BA8F0F", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:*:*", "matchCriteriaId": "80EB5690-B20F-457A-A202-FBADAA17E05C", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An information disclosure vulnerability exists when Windows Hyper-V running on a Windows 8.1, Windows Server 2012. or Windows Server 2012 R2 host operating system fails to properly validate input from an authenticated user on a guest operating system, aka \"Hyper-V Information Disclosure Vulnerability.\" This CVE ID is unique from CVE-2017-0168."}, {"lang": "es", "value": "Existe una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n cuando Windows Hyper-V que se ejecuta en un sistema operativo anfitri\u00f3n de Windows 8.1, Windows Server 2012 o Windows Server 2012 R2, no valida adecuadamente la entrada de un usuario autenticado en un sistema operativo invitado, vulnerabilidad tambi\u00e9n conocida como \"Hyper-V Information Disclosure Vulnerabilidad\". Este CVE ID es exclusivo de CVE-2017-0168."}], "id": "CVE-2017-0169", "lastModified": "2024-11-21T03:02:29.253", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "ADJACENT_NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 5.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "NONE", "vectorString": "AV:A/AC:M/Au:S/C:C/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 4.4, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 1.0, "impactScore": 4.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-04-12T14:59:00.623", "references": [{"source": "secure@microsoft.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/97459"}, {"source": "secure@microsoft.com", "url": "http://www.securitytracker.com/id/1038232"}, {"source": "secure@microsoft.com", "tags": ["Mitigation", "Patch", "Vendor Advisory"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0169"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/97459"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1038232"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mitigation", "Patch", "Vendor Advisory"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0169"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}