CVE-2018-8117

low-risk

Published 2018-04-12

A security feature bypass vulnerability exists in the Microsoft Wireless Keyboard 850 which could allow an attacker to reuse an AES encryption key to send keystrokes to other keyboard devices or to read keystrokes sent by other keyboards for the affected devices, aka "Microsoft Wireless Keyboard 850 Security Feature Bypass Vulnerability." This affects Microsoft Wireless Keyboard 850.

Do I need to act?

0.20% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 6.8/10 Medium

ADJACENT_NETWORK / HIGH complexity

Affected Products (1)

Wireless Keyboard 850

Affected Vendors

Microsoft

References (4)

Third Party Advisory http://www.securityfocus.com/bid/103711

Patch https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8117

Third Party Advisory http://www.securityfocus.com/bid/103711

Patch https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8117

/ 100

low-risk

Severity 18/34 · Moderate

Exploitability 1/34 · Minimal

Exposure 5/34 · Minimal