High severity7.8NVD Advisory· Published Mar 14, 2018· Updated Jun 17, 2026

CVE-2018-0902

Description

The Cryptography Next Generation (CNG) kernel-mode driver (cng.sys) in Windows 10 Gold, 1511, 1607, 1703, and 1709. Windows Server 2016 and Windows Server, version 1709 allows a security feature bypass vulnerability due to the way the kernel-mode driver validates and enforces impersonation levels, aka "Windows Security Feature Bypass Vulnerability". This CVE is unique from CVE-2018-0884.

Affected products

Microsoft/Windows Serverllm-fuzzy
Range: 2016, 1709
Microsoft/Windows 10llm-fuzzy
Range: Gold, 1511, 1607, 1703, 1709
Microsoft Corporation/Cryptography Next Generation (CNG) kernel-mode driver (cng.sys)v5
Range: Windows 10 Gold, 1511, 1607, 1703, and 1709. Windows Server 2016 and Windows Server, version 1709

Patches

Vulnerability mechanics

References

portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0902nvdPatchVendor Advisory
www.securityfocus.com/bid/103266nvdThird Party AdvisoryVDB Entry
www.securitytracker.com/id/1040520nvdThird Party AdvisoryVDB Entry

News mentions

No linked articles in our index yet.

cvss	0.507
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000