CVE-2018-8476

A remote code execution vulnerability exists in the way that Windows Deployment Services TFTP Server handles objects in memory, aka "Windows Deployment Services TFTP Server Remote Code Execution Vulnerability." This affects Windows Server 2012 R2, Windows Server 2008, Windows Server 2012, Windows Server 2019, Windows Server 2016, Windows Server 2008 R2, Windows 10 Servers.

Published: Nov 14, 2018
Updated: Apr 13, 2023
CVE: CVE-2018-8476
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 10
AV:N/AC:L/Au:N/C:C/I:C/A:C

CWEs:

CWE-119

Affected Software
References

Software	From	Fixed in
microsoft / windows_server_2008	r2-sp1	r2-sp1.x
microsoft / windows_server_2012	r2	r2.x
microsoft / windows_server_2008	--sp2	--sp2.x
microsoft / windows_server_2016	1803	1803.x

http://www.securityfocus.com/bid/105774
http://www.securitytracker.com/id/1042109
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8476
https://research.checkpoint.com/2019/pxe-dust-finding-a-vulnerability-in-windows-servers-deployment-services/

Vulnerability Database

CVE-2018-8476

Deep Security Visibility Without the Complexity