Tag
#Role: Windows Hyper-V
**According to the CVSS score, the attack vector is Local. Why does the CVE title indicate that this is a Remote Code Execution?** The word **Remote** in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. For example, when the score indicates that the **Attack Vector** is **Local** and **User Interaction** is **Required**, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.
**According to the CVSS score, the attack vector is Local. Why does the CVE title indicate that this is a Remote Code Execution?** The word **Remote** in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. For example, when the score indicates that the **Attack Vector** is **Local** and **User Interaction** is **Required**, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.
**What type of information could be disclosed by this vulnerability?** Exploiting this vulnerability could allow the disclosure of certain kernel memory content.
**Why is Attack Complexity marked as High for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition.
**Why is Attack Complexity marked as High for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.
**What is meant by scope change for this particular vulnerability?** In this case, a successful attack could be performed from a low privilege Hyper-V guest. The attacker could traverse the guest's security boundary to execute code on the Hyper-V host execution environment.
**What configurations or versions could be at risk from this vulnerability?** This bypass could affect any Hyper-V configurations that are using Router Guard. **What is the exposure if the vulnerability was bypassed?** Certain packets that would normally be blocked or dropped could be processed. This could allow an attacker to bypass set policy, potentially influencing router paths.
**What configurations or versions could be at risk from this vulnerability?** This bypass could affect any Hyper-V configurations that are using Router Guard. **What is the exposure if the vulnerability was bypassed?** Certain packets that would normally be blocked or dropped could be processed. This could allow an attacker to bypass set policy, potentially influencing router paths.
**How could an attacker exploit this vulnerability?** An authenticated attacker could run a specially crafted application on a vulnerable Hyper-V guest to exploit this vulnerability. **What privileges could an attacker gain?** An attacker who successfully exploited this vulnerability could potentially interact with processes of another Hyper-V guest hosted on the same Hyper-V host.
*What are the vulnerable configurations of Hyper-V?* Installations of Hyper-V with GRE (Generic Routing Encapsulation) enabled.