CVE-2017-0159 Information

Description

A security feature bypass vulnerability exists in Windows 10 1607 Windows Server 2012 R2 and Windows 2016 when ADFS incorrectly treats requests coming from Extranet clients as Intranet requests aka \ADFS Security Feature Bypass Vulnerability.\

CVSS Vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Reference

http://www.securityfocus.com/bid/97449 http://www.securitytracker.com/id/1038243 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0159

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

LOW

Base Score

NONE

Base Severity

3.7