Information disclosure in Microsoft Windows Wireless

Published: 2018-06-12 22:36:12
Severity Low
Patch available YES
Number of vulnerabilities 1
CVE ID CVE-2018-8209
CVSSv3 4.8 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CWE ID CWE-200
Exploitation vector Local
Public exploit Not available
Vulnerable software Windows
Windows Server
Vulnerable software versions Windows 10
Windows Server 2016
Vendor URL Microsoft

Security Advisory

1) Information disclosure

Description

The vulnerability allows a local attacker to obtain potentially sensitive information.

The vulnerability exists due to an error when Windows allows a normal user to access the Wireless LAN profile of an administrative user. A local attacker can access the Wireless LAN profile of an administrative user, including passwords for wireless networks.

Remediation

Install updates from vendor's website.

External links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8209

Back to List