CVE-2019-0690Improper Input Validation in Microsoft Windows

CWE-20Improper Input Validation8 documents4 sources
Severity
6.8MEDIUMNVD
EPSS
0.4%
top 37.77%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
21
Microsoft WindowsMicrosoft Windows ServerMicrosoft Windows 10+18 more
Timeline
PublishedApr 9
Latest updateMay 14

Description

A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0695, CVE-2019-0701.

CVSS vector

CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:HExploitability: 2.3 | Impact: 4.0

Affected Packages20 packages

CVEListV5microsoft/windows_server2019, 2019 (Core installation), version 1803 (Core Installation)+2
CVEListV5microsoft/windows10 Version 1803 for x64-based Systems, 10 Version 1809 for x64-based Systems+1
NVDmicrosoft/windowsr2, 1709, 1803+2
NVDmicrosoft/windows_105 versions+4

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

3
GHSA
GHSA-f7f3-v225-hmxj: A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest op2022-05-14
GHSA
GHSA-w9x3-fjwf-qgxf: A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest op2022-05-14
GHSA
GHSA-x44w-p4rq-c889: A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged use2022-05-14

📋Vendor Advisories

1
Microsoft
Windows Hyper-V Denial of Service Vulnerability2019-03-12

💬Community

1
Bugzilla
CVE-2019-10392 jenkins-git-client-plugin: OS command injection via 'git ls-remote'2020-04-01
CVE-2019-0690 — Improper Input Validation in Microsoft | cvebase