CVE-2017-11830 - OpenCVE

Device Guard in Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709 allows an attacker to make an unsigned file appear to be signed, due to a security feature bypass, aka "Device Guard Security Feature Bypass Vulnerability".

No CVSS v4.0

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Microsoft	Windows 10 Windows Server Windows Server 2016

Configuration 1 [-]

OR	cpe:2.3:o:microsoft:windows_10:-:::::::*
	cpe:2.3:o:microsoft:windows_10:1511:::::::*
	cpe:2.3:o:microsoft:windows_10:1607:::::::*
	cpe:2.3:o:microsoft:windows_10:1703:::::::*
	cpe:2.3:o:microsoft:windows_10:1709:::::::*
	cpe:2.3:o:microsoft:windows_server:1709:::::::*
	cpe:2.3:o:microsoft:windows_server_2016:-:::::::*

No data.

References

Link	Providers
http://www.securityfocus.com/bid/101714
http://www.securitytracker.com/id/1039790
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11830
https://www.exploit-db.com/exploits/43162/

History

No history.

MITRE

Status: PUBLISHED

Assigner: microsoft

Published: 2017-11-15T03:00:00Z

Updated: 2024-09-16T19:05:16.075Z

Reserved: 2017-07-31T00:00:00

Link: CVE-2017-11830

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2017-11-15T03:29:00.420

Modified: 2022-05-23T17:29:14.940

Link: CVE-2017-11830

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Device Guard", "vendor": "Microsoft Corporation", "versions": [{"status": "affected", "version": "Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709."}]}], "datePublic": "2017-11-14T00:00:00", "descriptions": [{"lang": "en", "value": "Device Guard in Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709 allows an attacker to make an unsigned file appear to be signed, due to a security feature bypass, aka \"Device Guard Security Feature Bypass Vulnerability\"."}], "problemTypes": [{"descriptions": [{"description": "Security Feature Bypass", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-11-22T10:57:01", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft"}, "references": [{"name": "43162", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/43162/"}, {"name": "1039790", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1039790"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11830"}, {"name": "101714", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/101714"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@microsoft.com", "DATE_PUBLIC": "2017-11-14T00:00:00", "ID": "CVE-2017-11830", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Device Guard", "version": {"version_data": [{"version_value": "Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709."}]}}]}, "vendor_name": "Microsoft Corporation"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Device Guard in Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709 allows an attacker to make an unsigned file appear to be signed, due to a security feature bypass, aka \"Device Guard Security Feature Bypass Vulnerability\"."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Security Feature Bypass"}]}]}, "references": {"reference_data": [{"name": "43162", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/43162/"}, {"name": "1039790", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1039790"}, {"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11830", "refsource": "CONFIRM", "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11830"}, {"name": "101714", "refsource": "BID", "url": "http://www.securityfocus.com/bid/101714"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T18:19:39.205Z"}, "title": "CVE Program Container", "references": [{"name": "43162", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/43162/"}, {"name": "1039790", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1039790"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11830"}, {"name": "101714", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/101714"}]}]}, "cveMetadata": {"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2017-11830", "datePublished": "2017-11-15T03:00:00Z", "dateReserved": "2017-07-31T00:00:00", "dateUpdated": "2024-09-16T19:05:16.075Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "matchCriteriaId": "21540673-614A-4D40-8BD7-3F07723803B0", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*", "matchCriteriaId": "232581CC-130A-4C62-A7E9-2EC9A9364D53", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "matchCriteriaId": "E01A4CCA-4C43-46E0-90E6-3E4DBFBACD64", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", "matchCriteriaId": "AEE2E768-0F45-46E1-B6D7-087917109D98", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", "matchCriteriaId": "83B14968-3985-43C3-ACE5-8307196EFAE3", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_server:1709:*:*:*:*:*:*:*", "matchCriteriaId": "E2817831-8725-4149-B694-44870F2B6938", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Device Guard in Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709 allows an attacker to make an unsigned file appear to be signed, due to a security feature bypass, aka \"Device Guard Security Feature Bypass Vulnerability\"."}, {"lang": "es", "value": "Device Guard en Windows 10 Gold, 1511, 1607, 1703 y 1709, Windows Server 2016 y Windows Server en su versi\u00f3n 1709 permite que un atacante haga que un archivo sin firma aparezca como que s\u00ed tiene firma a causa de la omisi\u00f3n de una caracter\u00edstica de seguridad. Esta vulnerabilidad tambi\u00e9n se conoce como \"Device Guard Security Feature Bypass Vulnerability\"."}], "id": "CVE-2017-11830", "lastModified": "2022-05-23T17:29:14.940", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 3.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-11-15T03:29:00.420", "references": [{"source": "secure@microsoft.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/101714"}, {"source": "secure@microsoft.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1039790"}, {"source": "secure@microsoft.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11830"}, {"source": "secure@microsoft.com", "tags": ["Exploit", "Technical Description", "Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/43162/"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-367"}], "source": "nvd@nist.gov", "type": "Primary"}]}