CVE-2019-0633
published 2019-03-05

Priority: P179, high
CVSS 3.0: 8.8
AV:N / AC:L / PR:L / UI:N / S:U / C:H / I:H / A:H
ITW: VulnCheck KEV (Exploited in the wild)
EPSS: 13.04% (95.9th percentile)

A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 2.0 (SMBv2) server handles certain requests, aka 'Windows SMB Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0630.

Affected

51 ranges· showing 25
VendorProductVersion rangeFixed in
microsoftwindows
microsoftwindows
microsoftwindows
microsoftwindows
microsoftwindows
microsoftwindows
microsoftwindows
microsoftwindows
microsoftwindows
microsoftwindows
microsoftwindows
microsoftwindows
microsoftwindows
microsoftwindows
microsoftwindows
microsoftwindows
microsoftwindows
microsoftwindows
microsoftwindows_10
microsoftwindows_10
microsoftwindows_10
microsoftwindows_10
microsoftwindows_10
microsoftwindows_server
microsoftwindows_server

Detection & IOCs (extracted from sources)

  • Target SMBv2 server traffic — monitor for specially crafted SMBv2 packets sent by authenticated attackers to SMBv2 servers, which is the primary exploitation vector for this RCE vulnerability.
  • Focus detection on Windows SMB Server (SMBv2) as the affected component for anomalous or malformed request patterns.
  • Exploitation requires authentication in most situations, limiting unauthenticated attack surface but not eliminating risk from compromised credentials.
  • Microsoft assesses exploitation as 'More Likely' for both latest and older software releases, indicating elevated risk even without public exploit code.

CVSS provenance

nvd | v3.0 | 8.8 | HIGH | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd | v2.0 | 9.0 | CRITICAL | AV:N/AC:L/Au:S/C:C/I:C/A:C
vulncheck | 8.8 | HIGH
vendor_msrc | 7.5 | HIGH