CVE-2017-8706

MEDIUM

Windows Hyper-V on Windows 10 and Windows Server 2016 - Authenticated Information Disclosure via Guest OS Input

Title source: llm

Description

The Windows Hyper-V component on Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8707, CVE-2017-8711, CVE-2017-8712, and CVE-2017-8713.

References (3)

Core 3

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1039317

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/100789

Patch, Vendor Advisory x_refsource_confirm

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8706

Scores

CVSS v3 5.3

EPSS 0.0320

EPSS Percentile 87.2%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N

Details

CWE

CWE-200

Status published

Products (6)

microsoft/windows_10

microsoft/windows_10 1511

microsoft/windows_10 1607

microsoft/windows_10 1703

microsoft/windows_server_2016

Microsoft Corporation/Windows Hyper-V Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016

Published Sep 13, 2017

Tracked Since Feb 18, 2026