Lucene search

MicrosoftCVE-2019-1398

HistoryNov 12, 2019 - 7:15 p.m.

CVE-2019-1398

2019-11-1219:15:13

CWE-20

microsoft

web.nvd.nist.gov

cve-2019-1398

windows hyper-v

remote code execution

vulnerability

nvd

CVSS2

7.7

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:A/AC:L/Au:S/C:C/I:C/A:C

CVSS3

8.4

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

AI Score

9.2

Confidence

High

EPSS

0.001

Percentile

49.4%

JSON

A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka ‘Windows Hyper-V Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2019-1389, CVE-2019-1397.

Affected configurations

Nvd

Vulners

Node

microsoftwindows_10Match1709x64

microsoftwindows_10Match1803x64

microsoftwindows_10Match1809x64

microsoftwindows_10Match1903x64

microsoftwindows_server_2016Match1803

microsoftwindows_server_2016Match1903

microsoftwindows_server_2019Match-

VendorProductVersionCPE
microsoftwindows_101709cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:x64:*
microsoftwindows_101803cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:x64:*
microsoftwindows_101809cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x64:*
microsoftwindows_101903cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:x64:*
microsoftwindows_server_20161803cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*
microsoftwindows_server_20161903cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*
microsoftwindows_server_2019-cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
microsoft	windows_10	1709	cpe:2.3:o:microsoft:windows_10:1709::::::x64:
microsoft	windows_10	1803	cpe:2.3:o:microsoft:windows_10:1803::::::x64:
microsoft	windows_10	1809	cpe:2.3:o:microsoft:windows_10:1809::::::x64:
microsoft	windows_10	1903	cpe:2.3:o:microsoft:windows_10:1903::::::x64:
microsoft	windows_server_2016	1803	cpe:2.3:o:microsoft:windows_server_2016:1803:::::::*
microsoft	windows_server_2016	1903	cpe:2.3:o:microsoft:windows_server_2016:1903:::::::*
microsoft	windows_server_2019	-	cpe:2.3:o:microsoft:windows_server_2019:-:::::::*

CNA Affected

[
  {
    "product": "Windows",
    "vendor": "Microsoft",
    "versions": [
      {
        "status": "affected",
        "version": "10 Version 1709 for x64-based Systems"
      },
      {
        "status": "affected",
        "version": "10 Version 1803 for x64-based Systems"
      },
      {
        "status": "affected",
        "version": "10 Version 1809 for x64-based Systems"
      }
    ]
  },
  {
    "product": "Windows Server",
    "vendor": "Microsoft",
    "versions": [
      {
        "status": "affected",
        "version": "version 1803  (Core Installation)"
      },
      {
        "status": "affected",
        "version": "2019"
      },
      {
        "status": "affected",
        "version": "2019  (Core installation)"
      }
    ]
  },
  {
    "product": "Windows 10 Version 1903 for x64-based Systems",
    "vendor": "Microsoft",
    "versions": [
      {
        "status": "affected",
        "version": "unspecified"
      }
    ]
  },
  {
    "product": "Windows Server, version 1903 (Server Core installation)",
    "vendor": "Microsoft",
    "versions": [
      {
        "status": "affected",
        "version": "unspecified"
      }
    ]
  }
]