Vulnerability Details CVE-2018-0902
The Cryptography Next Generation (CNG) kernel-mode driver (cng.sys) in Windows 10 Gold, 1511, 1607, 1703, and 1709. Windows Server 2016 and Windows Server, version 1709 allows a security feature bypass vulnerability due to the way the kernel-mode driver validates and enforces impersonation levels, aka "Windows Security Feature Bypass Vulnerability". This CVE is unique from CVE-2018-0884.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 59.1%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 4.6
References
- http://www.securityfocus.com/bid/103266
- http://www.securitytracker.com/id/1040520
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0902
- http://www.securityfocus.com/bid/103266
- http://www.securitytracker.com/id/1040520
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0902
Products affected by CVE-2018-0902
-
cpe:2.3:o:microsoft:windows_10:-
-
cpe:2.3:o:microsoft:windows_10:1511
-
cpe:2.3:o:microsoft:windows_10:1607
-
cpe:2.3:o:microsoft:windows_10:1703
-
cpe:2.3:o:microsoft:windows_10:1709
-
cpe:2.3:o:microsoft:windows_server:1709
-
cpe:2.3:o:microsoft:windows_server_2016:-