← Back

CVE-2018-8599

nvd nist
Published: Dec 12, 2018Modified: Nov 21, 2024

JSON object

Loading...
7.8
Vector
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 / Impact: 5.9
Source: NVD

Description

An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly impersonates certain file operations, aka "Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability." This affects Microsoft Visual Studio, Windows Server 2019, Windows Server 2016, Windows 10, Windows 10 Servers.

Affected (12)

Microsoft
5 products
Visual Studio
Visual Studio 2017
Windows 10
Windows Server 2016
Windows Server 2019
Configuration A
12 vulnerable
Vulnerable SoftwareAffected Versions
Visual Studio
Version 2015 update3
Visual Studio 2017
Version 15.9
Microsoft
Windows 10
All versions
Windows 10
Version 1607
Windows 10
Version 1703
Windows 10
Version 1709
Windows 10
Version 1803
Windows 10
Version 1809
Microsoft
Windows Server 2016
All versions
Windows Server 2016
Version 1709
Windows Server 2016
Version 1803
Windows Server 2019
All versions

Related CWEs

CWE-273
Improper Check for Dropped Privileges
The product attempts to drop privileges but does not check or incorrectly checks to see if the drop succeeded.

References (4)

Source: secure@microsoft.com
Third Party AdvisoryVDB Entry
Source: secure@microsoft.com
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory

Timeline

No history available yet.