Important CVSS 5.5 2018-07 archive

Executive Summary

A command injection vulnerability exists in the Microsoft Wireless Display Adapter (MWDA) when the Microsoft Wireless Display Adapter does not properly manage user input. For this vulnerability to be exploited, the attacker must be authenticated (logged on) to the target display. To exploit the vulnerability, an attacker who is connected to the MWDA could send administrative commands to the MWDA, including commands with illegal characters which could cause the MWDA to stop functioning correctly. The update addresses the vulnerability by modifying how the Microsoft Wireless Display Adapter manages administrative input.

Overview

5.5
CVSS MEDIUM
Important
MS Severity
Not Exploited
MS Exploit Status
Less Likely
MS Exploit Likelihood
Category Remote Code Execution
Released Jul 10 2018
Last Updated Jul 10 2018
Publicly Disclosed No
CISA KEV Not Listed
Known Exploits None Known

CVSS Vector

ATTACK VECTOR
Adjacent
ATTACK COMPLEXITY
Low
PRIVILEGES REQUIRED
Low
USER INTERACTION
None
SCOPE
Unchanged
CONFIDENTIALITY
Low
INTEGRITY
Low
AVAILABILITY
Low
EXPLOIT CODE MATURITY
Proof-of-Concept
REMEDIATION LEVEL
Official Fix
REPORT CONFIDENCE
Confirmed
Temporal Score: 5.0

EPSS Score

No EPSS score available for this CVE.

View on FIRST.org

Affected Products

3 affected products
Product KB Article Severity Impact Restart Required
Microsoft Wireless Display Adapter V2 Software Version 2.0.8350 Firmware (Security Update) Important Remote Code Execution Yes
Microsoft Wireless Display Adapter V2 Software Version 2.0.8365 Firmware (Security Update) Important Remote Code Execution Yes
Microsoft Wireless Display Adapter V2 Software Version 2.0.8372 Firmware (Security Update) Important Remote Code Execution Yes

Patches

1 patch
Article Type Restart
Firmware Security Update Yes

Known Exploits

Acknowledgments

Tobias Glemser of secuvera GmbH
Simon Winter