Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.6
CVSSv2

CVE-2018-0886

Published: 14/03/2018 Updated: 13/03/2019
CVSS v2 Base Score: 7.6 | Impact Score: 10 | Exploitability Score: 4.9
CVSS v3 Base Score: 7 | Impact Score: 5.9 | Exploitability Score: 1
VMScore: 766
Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C
Subscribe to Microsoft

Vulnerability Summary

The Credential Security Support Provider protocol (CredSSP) in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709 Windows Server 2016 and Windows Server, version 1709 allows a remote code execution vulnerability due to how CredSSP validates request during the authentication process, aka "CredSSP Remote Code Execution Vulnerability".

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

microsoft windows 10 -

microsoft windows 10 1511

microsoft windows 10 1607

microsoft windows server 2016 1803

microsoft windows 10 1703

microsoft windows 10 1803

microsoft windows server 2012 -

microsoft windows server 2016 -

microsoft windows 8.1 -

microsoft windows rt 8.1 -

microsoft windows server 2008 -

microsoft windows server 2008 r2

microsoft windows 10 1709

microsoft windows 7 -

microsoft windows server 2012 r2

microsoft windows server 2016 1709

Exploits

Exploit DB: Microsoft Credential Security Support Provider - Remote Code Execution
# credssp This is a poc code for exploiting CVE-2018-0886 It should be used for educational purposes only It relies on a fork of the rdpy project(githubcom/preempt/rdpy), allowing also credssp relay Written by Eyal Karni, Preempt ekarni@preemptcom # Build ## Instructions (Linux) If you are using Ubuntu 14 , check the install fi ...

Github Repositories

https://github.com/ShivaniThadiyan/Azure-Security-privacy-helpdoc

Azure Security privacy helpdoc

Introduction Azure security privacy and compliance is a one day workshop lead by Microsoft or Microsoft partnersIn this workshop, you will learn how to design an implementation of Azure Security Center and Microsoft Compliance Manager tools to ensure a secure and privacy-focused Azure cloud-based architecture Sign-up for Workshop Environment To make it easier for you to work

https://github.com/wachira90/fix-credssp

fix-credssp CredSSP Encryption Oracle Remediation คือ อะไร ก่อนที่จะแก้ไขอะไร เราต้องรู้จักกันก่อนครับ ตัว CredSSP เกิดจากช่องโหว่ความปลอดภัยเบอร์ CVE-2018-0886 ครับ ซึ่งช่องโหว่ C

https://github.com/preempt/credssp

A code demonstrating CVE-2018-0886

credssp This is a poc code for exploiting CVE-2018-0886 It should be used for educational purposes only It relies on a fork of the rdpy project(githubcom/preempt/rdpy), allowing also credssp relay Written by Eyal Karni, Preempt ekarni@preemptcom Build Instructions (Linux) If you are using Ubuntu 14 , check the install file It was tested on Ubuntu 1604 $ git clo

https://github.com/jborean93/requests-credssp

An authentication handler for using CredSSP with Python Requests.

requests-credssp About this library This package allows for HTTPS CredSSP authentication using the requests library CredSSP is a Microsoft authentication that allows your credentials to be delegated to a server giving you double hop authentication Features This library supports the following CredSSP features Protocol version 2 to 6 Initial authentication with NTLM or Ker

https://github.com/DigitalRuby/IPBan

Since 2011, IPBan is the worlds most trusted, free security software to block hackers and botnets. With both Windows and Linux support, IPBan has your dedicated or cloud server protected. Upgrade to IPBan Pro today and get a discount. Learn more at ↓

IPBan - Free software to block out attackers quickly and easily on Linux and Windows Helpful Links Get a discount on IPBan Pro by visiting ipbancom/upgrade-to-ipban-pro/ Integrate IPBan with IPThreat, a 100% free to use website and service of community submitted bad ip addresses Help make the Internet safer and join hundreds of other like minded users You can a

Recent Articles

Microsoft to lock out Windows RDP clients if they are not patched against hijack bug
The Register • Simon Sharwood • 23 Mar 2018

No update installed? No connection Cybercrooks are pimping out pwned RDP servers

Black Hat Asia Microsoft will prevent Windows Server from authenticating RDP clients that have not been patched to address a security flaw that can be exploited by miscreants to hijack systems and laterally move across a network. The bug, CVE-2018-0886, was fixed in March's Patch Tuesday software update, and involves Microsoft's implementation of its Credential Security Support Provider protocol (CredSSP). A miscreant-in-the-middle on a corporate network can abuse the flaw to send arbitrary comm...

Read more...

References

CWE-287https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0886https://blog.preempt.com/security-advisory-credssphttp://www.securitytracker.com/id/1040506http://www.securityfocus.com/bid/103265https://www.exploit-db.com/exploits/44453/https://github.com/preempt/credssphttps://ics-cert.us-cert.gov/advisories/ICSA-18-198-03https://nvd.nist.govhttps://www.exploit-db.com/exploits/44453/https://github.com/ShivaniThadiyan/Azure-Security-privacy-helpdoc
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-2907hardcodedinjectCVE-2024-20359CVE-2024-2467CVE-2024-4077CVE-2024-22391cameraCVE-2024-20353
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook