Skip to main content

Powershell Core CVE-2018-8415

HIGH
Code Injection (CWE-94)
2018-11-14 secure@microsoft.com
7.8
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Nov 14, 2018 - 01:29 nvd
HIGH 7.8

DescriptionNVD

A tampering vulnerability exists in PowerShell that could allow an attacker to execute unlogged code, aka "Microsoft PowerShell Tampering Vulnerability." This affects Windows 7, PowerShell Core 6.1, Windows Server 2012 R2, Windows RT 8.1, PowerShell Core 6.0, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.

AnalysisAI

A tampering vulnerability exists in PowerShell that could allow an attacker to execute unlogged code, aka "Microsoft PowerShell Tampering Vulnerability." This affects Windows 7, PowerShell Core 6.1,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Technical ContextAI

This vulnerability is classified as Code Injection (CWE-94), which allows attackers to inject and execute arbitrary code within the application. A tampering vulnerability exists in PowerShell that could allow an attacker to execute unlogged code, aka "Microsoft PowerShell Tampering Vulnerability." This affects Windows 7, PowerShell Core 6.1, Windows Server 2012 R2, Windows RT 8.1, PowerShell Core 6.0, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. Affected products include: Microsoft Powershell Core, Microsoft Windows 10, Microsoft Windows 7, Microsoft Windows 8.1, Microsoft Windows Rt 8.1.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Never evaluate user-controlled input as code. Use sandboxing, disable dangerous functions, apply strict input validation.

CVE-2018-8256 HIGH
8.8 Nov 14

A remote code execution vulnerability exists when PowerShell improperly handles specially crafted files, aka "Microsoft

CVE-2021-26701 HIGH
8.1 Feb 25

.NET Core Remote Code Execution Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitabl

CVE-2019-0632 HIGH
7.8 Mar 05

A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard, aka 'Win

CVE-2019-0631 HIGH
7.8 Mar 05

A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard, aka 'Win

CVE-2019-0627 HIGH
7.8 Mar 05

A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard, aka 'Win

CVE-2021-26423 HIGH
7.5 Aug 12

.NET Core and Visual Studio Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remot

CVE-2020-1108 HIGH
7.5 May 21

A denial of service vulnerability exists when .NET Core or .NET Framework improperly handles web requests, aka '.NET Cor

CVE-2019-1301 HIGH
7.5 Sep 11

A denial of service vulnerability exists when .NET Core improperly handles web requests, aka '.NET Core Denial of Servic

CVE-2018-8292 HIGH
7.5 Oct 10

An information disclosure vulnerability exists in .NET Core when authentication information is inadvertently exposed in

CVE-2018-0875 HIGH
7.5 Mar 14

.NET Core 1.0, .NET Core 1.1, NET Core 2.0 and PowerShell Core 6.0.0 allow a denial of Service vulnerability due to how

CVE-2018-0786 HIGH
7.5 Jan 10

Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, .NET Core 1.0 and 2.0, and

CVE-2018-0764 HIGH
7.5 Jan 10

Microsoft .NET Framework 1.1, 2.0, 3.0, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 5.7 and .NET Core 1.0. R

Share

CVE-2018-8415 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy