CVE-2019-0688Use of a Broken or Risky Cryptographic Algorithm in Microsoft Windows

CWE-327Use of a Broken or Risky Cryptographic Algorithm15 documents7 sources
Severity
7.5HIGHNVD
EPSS
6.9%
top 8.60%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
19
Microsoft WindowsMicrosoft Windows ServerMicrosoft Windows 10+16 more
Timeline
PublishedApr 9
Latest updateMay 13

Description

An information disclosure vulnerability exists when the Windows TCP/IP stack improperly handles fragmented IP packets, aka 'Windows TCP/IP Information Disclosure Vulnerability'.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages18 packages

CVEListV5microsoft/windows18 versions+17
NVDmicrosoft/windowsr2, 1709, 1803+2

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

1
GHSA
GHSA-m3c3-22wf-38mv: An information disclosure vulnerability exists when the Windows TCP/IP stack improperly handles fragmented IP packets, aka 'Windows TCP/IP Information2022-05-13

💥Exploits & PoCs

1
Exploit-DB
Microsoft Exchange 2019 15.2.221.12 - Authenticated Remote Code Execution2020-03-02

📋Vendor Advisories

1
Microsoft
Windows TCP/IP Information Disclosure Vulnerability2019-04-09

🕵️Threat Intelligence

8
Trendmicro
Patch Tuesday: Fixes for Two Exploited Vulnerabilities2019-04-10
Trendmicro
Patch Tuesday: Fixes for Two Exploited Vulnerabilities2019-04-10
Trendmicro
Patch Tuesday: Fixes for Two Exploited Vulnerabilities2019-04-10
Trendmicro
Patch Tuesday: Fixes for Two Exploited Vulnerabilities2019-04-10
Trendmicro
Patch Tuesday: Fixes for Two Exploited Vulnerabilities2019-04-10

📄Research Papers

1
arXiv
From IP ID to Device ID and KASLR Bypass (Extended Version)2019-10-27