This issue was originally discovered by Yaojun Leng of Tencent. This issue affects Windows Servers with Cluster Shared Volumes enabled.
In a default Windows 2012 R2 or Windows 2016 environment, a remote unauthenticated attacker can use the “Create Volume” action in Microsoft Disk Management MMC snap-in to create a cluster shared volume in such a way that the volume is accessible by any user. This could be leveraged by an attacker to elevate privileges on the system and install applications to gain further access to the server. CVE-2017-31418 This issue has been assigned the CVE identifier CVE-2017-31418.
This vulnerability affects Windows Servers with Cluster Shared Volumes enabled. In a default Windows 2012 R2 or Windows 2016 environment, a remote unauthenticated attacker can use the “Create Volume” action in Microsoft Disk Management MMC snap-in to create a cluster shared volume in such a way that the volume is accessible by any user. This could be leveraged by an attacker to elevate privileges on the system and install applications to gain further access to the server. CVE-2017-31418 This issue has been assigned the CVE identifier CVE-2017-31418.
This vulnerability affects Windows Servers with Cluster Shared Volumes enabled. In a default Windows 2012 R2 or Windows 2016 environment, a remote unauthenticated attacker can use the “Create Volume” action in Microsoft Disk Management MMC snap-in to create
Impact of CVE-2018-8214
This vulnerability allows an unauthenticated attacker to escalate privileges on the system and install applications to gain further access to the server. In most cases, this is a privilege escalation issue; but in some cases, it could allow installation of malware or other malicious software.
This vulnerability affects Windows Servers with Cluster Shared Volumes enabled. In a default Windows 2012 R2 or Windows 2016 environment, a remote unauthenticated attacker can use the “Create Volume” action in Microsoft Disk Management MMC snap-in to create a cluster shared volume in such a way that the volume is accessible by any user. This could be leveraged by an attacker to elevate privileges on the system and install applications to gain further access to the server. CVE-2017-31418 This issue has been assigned the CVE identifier CVE-2017-31418.
Product Affected
Cluster Shared Volumes.
Potential Impact
Elevating privileges on the system and installing applications to gain further access to the server can potentially impact a user’s system. The vulnerability may also be leveraged by an attacker to cause a Denial of Service (DoS) condition.
Many small businesses don’t have the time, skills, or expertise necessary to handle everything that comes with a solid SEO strategy.
If you're not advertising on Facebook yet, now is the time! There are many strategies you can use with your ads. But one strategy that stands out is using pictures in your ad campaigns.
Windows versions affected by this issue
This vulnerability affects Windows Servers with Cluster Shared Volumes enabled. In a default Windows 2012 R2 or Windows 2016 environment, a remote unauthenticated attacker can use the “Create Volume” action in Microsoft Disk Management MMC snap-in to create a cluster shared volume in such a way that the volume is accessible by any user. This could be leveraged by an attacker to elevate privileges on the system and install applications to gain further access to the server.
Summary
In a default Windows 2012 R2 or Windows 2016 environment, a remote unauthenticated attacker can use the “Create Volume” action in Microsoft Disk Management MMC snap-in to create a cluster shared volume in such a way that the volume is accessible by any user. This could be leveraged by an attacker to elevate privileges on the system and install applications to gain further access to the server.
CVE-2017-31418 This issue has been assigned the CVE identifier CVE-2017-31418.
Timeline
Published on: 05/10/2022 21:15:00 UTC
Last modified on: 05/23/2022 17:29:00 UTC