CVE-2018-0952

{"id": "CVE-2018-0952", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2018-08-15T17:29:00.207", "references": [{"url": "http://www.securityfocus.com/bid/105048", "tags": ["Third Party Advisory", "VDB Entry"], "source": "secure@microsoft.com"}, {"url": "http://www.securitytracker.com/id/1041466", "tags": ["Third Party Advisory", "VDB Entry"], "source": "secure@microsoft.com"}, {"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0952", "tags": ["Patch", "Vendor Advisory"], "source": "secure@microsoft.com"}, {"url": "https://www.exploit-db.com/exploits/45244/", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "secure@microsoft.com"}, {"url": "http://www.securityfocus.com/bid/105048", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securitytracker.com/id/1041466", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0952", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.exploit-db.com/exploits/45244/", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "An Elevation of Privilege vulnerability exists when Diagnostics Hub Standard Collector allows file creation in arbitrary locations, aka \"Diagnostic Hub Standard Collector Elevation Of Privilege Vulnerability.\" This affects Windows Server 2016, Windows 10, Microsoft Visual Studio, Windows 10 Servers."}, {"lang": "es", "value": "Existe una vulnerabilidad de elevaci\u00f3n de privilegios cuando Diagnostics Hub Standard Collector permite la creaci\u00f3n de archivos en ubicaciones arbitrarias. Esto tambi\u00e9n se conoce como \"Diagnostic Hub Standard Collector Elevation Of Privilege Vulnerability\". Esto afecta a Windows Server 2016, Windows 10, Microsoft Visual Studio y Windows 10 Servers."}], "lastModified": "2024-11-21T03:39:17.430", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:visual_studio_2015:-:update3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E8F4DFE9-4F4C-4658-AEFE-6C82367A1D62"}, {"criteria": "cpe:2.3:a:microsoft:visual_studio_2017:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CDA983E6-A2DA-48BB-9874-14CF4B3AAE15"}, {"criteria": "cpe:2.3:a:microsoft:visual_studio_2017:15.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1146A295-C7BF-4036-9610-9DBC7C8D94AE"}, {"criteria": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "21540673-614A-4D40-8BD7-3F07723803B0"}, {"criteria": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E01A4CCA-4C43-46E0-90E6-3E4DBFBACD64"}, {"criteria": "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AEE2E768-0F45-46E1-B6D7-087917109D98"}, {"criteria": "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "83B14968-3985-43C3-ACE5-8307196EFAE3"}, {"criteria": "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7CB85C75-4D35-480E-843D-60579EC75FCB"}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7"}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2016:1709:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5B454BFE-D3AB-4CDC-B79B-F60EA3F57DBA"}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CAACE735-003E-4ACB-A82E-C0CF97D7F013"}], "operator": "OR"}]}], "sourceIdentifier": "secure@microsoft.com"}