Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2019-0566Missing Authorization in Microsoft Edge

CWE-862Missing Authorization13 documents7 sources
Severity
8.8HIGHNVD
EPSS
47.2%
top 2.31%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Microsoft Edge
Timeline
PublishedJan 8
Latest updateMay 13

Description

An elevation of privilege vulnerability exists in Microsoft Edge Browser Broker COM object, aka "Microsoft Edge Elevation of Privilege Vulnerability." This affects Microsoft Edge.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages1 packages

CVEListV5microsoft/microsoft_edge17 versions+16

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

2
GHSA
GHSA-7q3v-8pr6-7pvf: An elevation of privilege vulnerability exists in Microsoft Edge Browser Broker COM object, aka "Microsoft Edge Elevation of Privilege Vulnerability2022-05-13
CVEList
CVE-2019-0566: An elevation of privilege vulnerability exists in Microsoft Edge Browser Broker COM object, aka "Microsoft Edge Elevation of Privilege Vulnerability2019-01-08

💥Exploits & PoCs

1
Exploit-DB
Microsoft Windows 10 - Browser Broker Cross Session Privilege Escalation2019-01-14

📋Vendor Advisories

1
Microsoft
Microsoft Edge Elevation of Privilege Vulnerability2019-01-08

🕵️Threat Intelligence

7
Trendmicro
January Patch Tuesday Contains Fixes for DHCP2019-01-09
Trendmicro
January Patch Tuesday Contains Fixes for DHCP2019-01-09
Trendmicro
January Patch Tuesday Contains Fixes for DHCP2019-01-09
Trendmicro
January Patch Tuesday Contains Fixes for DHCP2019-01-09
Trendmicro
January Patch Tuesday Contains Fixes for DHCP2019-01-09

💬Community

1
Bugzilla
CVE-2019-3830 openstack-ceilometer: ceilometer-agent prints sensitive data from config files through log files2019-02-14
CVE-2019-0566 — Missing Authorization in Microsoft Edge | cvebase