Skip to main content

Exposure of Resource to Wrong Sphere

CVE-2017-0215

Severity Medium
Score 5.3/10

Summary

Microsoft Windows 10 1607 and Windows Server 2016 allow an attacker to exploit a security feature bypass vulnerability in Device Guard that could allow the attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This CVE ID is unique from CVE-2017-0173, CVE-2017-0216, CVE-2017-0218, and CVE-2017-0219.

  • LOW
  • LOCAL
  • LOW
  • UNCHANGED
  • NONE
  • LOW
  • LOW
  • LOW

CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

References

Advisory Timeline

  • Published