CVE-2019-0600 — Sensitive Information Exposure in Windows Server 2019

7 documents4 sources

Severity

4.7MEDIUMNVD

EPSS

0.4%

top 39.00%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Windows Microsoft Windows Server Microsoft Windows 10 +19 more

Timeline

PublishedMar 5

Latest updateMay 13

Description

An information disclosure vulnerability exists when the Human Interface Devices (HID) component improperly handles objects in memory, aka 'HID Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0601.

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.0 | Impact: 3.6

Affected Packages20 packages

▶msrcmsrc/windows_server_2019

▶msrcmsrc/windows_7

▶msrcmsrc/windows_10

▶msrcmsrc/windows_8.1

▶CVEListV5microsoft/windows20 versions+19

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-hwqv-q7x9-4wg9: An information disclosure vulnerability exists when the Human Interface Devices (HID) component improperly handles objects in memory, aka 'HID Informa↗2022-05-13

▶

GHSA

GHSA-fh89-j948-9x97: An information disclosure vulnerability exists when the Human Interface Devices (HID) component improperly handles objects in memory, aka 'HID Informa↗2022-05-13

▶

📋Vendor Advisories

Microsoft

HID Information Disclosure Vulnerability↗2019-02-12

▶

💬Community

Bugzilla

CVE-2019-13179 calamares: incorrect permission leads to disclosure of decryption keys for LUKS container↗2019-07-03

▶