CVE-2017-8686

CRITICAL

Windows Server 2012 and 2016 - Remote Code Execution in DHCP Service

Title source: llm
STIX 2.1

Description

The Windows Server DHCP service in Windows Server 2012 Gold and R2, and Windows Server 2016 allows an attacker to either run arbitrary code on the DHCP failover server or cause the DHCP service to become nonresponsive, due to a memory corruption vulnerability in the Windows Server DHCP service, aka "Windows DHCP Server Remote Code Execution Vulnerability".

References (3)

Core 3
Core References
Mitigation, Patch, Vendor Advisory x_refsource_confirm
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8686
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/100730
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1039337

Scores

CVSS v3 9.8
EPSS 0.2750
EPSS Percentile 97.8%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-119
Status published
Products (3)
microsoft/windows_server_2012
microsoft/windows_server_2012 r2
microsoft/windows_server_2016
Published Sep 13, 2017
Tracked Since Feb 18, 2026