{"id":"CVE-2018-0886","details":"The Credential Security Support Provider protocol (CredSSP) in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709 Windows Server 2016 and Windows Server, version 1709 allows a remote code execution vulnerability due to how CredSSP validates request during the authentication process, aka \"CredSSP Remote Code Execution Vulnerability\".","modified":"2026-03-15T14:28:57.868977Z","published":"2018-03-14T17:29:01.527Z","related":["SUSE-SU-2019:0134-1","SUSE-SU-2019:0539-1","SUSE-SU-2020:2272-1","openSUSE-SU-2019:0325-1","openSUSE-SU-2024:10768-1","openSUSE-SU-2024:12385-1","openSUSE-SU-2025:15103-1"],"references":[{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/103265"},{"type":"ADVISORY","url":"http://www.securitytracker.com/id/1040506"},{"type":"ADVISORY","url":"https://ics-cert.us-cert.gov/advisories/ICSA-18-198-03"},{"type":"FIX","url":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0886"},{"type":"EVIDENCE","url":"https://blog.preempt.com/security-advisory-credssp"},{"type":"EVIDENCE","url":"https://github.com/preempt/credssp"},{"type":"EVIDENCE","url":"https://www.exploit-db.com/exploits/44453/"}],"affected":[{"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-0886.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"1511"}]},{"events":[{"introduced":"0"},{"last_affected":"1607"}]},{"events":[{"introduced":"0"},{"last_affected":"1703"}]},{"events":[{"introduced":"0"},{"last_affected":"1709"}]},{"events":[{"introduced":"0"},{"last_affected":"1803"}]},{"events":[{"introduced":"0"},{"last_affected":"r2-sp1"}]},{"events":[{"introduced":"0"},{"last_affected":"r2-sp1"}]},{"events":[{"introduced":"0"},{"last_affected":"r2"}]},{"events":[{"introduced":"0"},{"last_affected":"1709"}]},{"events":[{"introduced":"0"},{"last_affected":"1803"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}