CVE-2019-0698
Published: 2019-04-09
Priority P2 71 · critical · 9.8 (CVSS 3.0)
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 62.85% (99.1th percentile)
A memory corruption vulnerability exists in the Windows DHCP client when an attacker sends specially crafted DHCP responses to a client, aka 'Windows DHCP Client Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0697, CVE-2019-0726.
Affected
20 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_server | — | — |
| microsoft | windows_server | — | — |
| microsoft | windows_server | — | — |
| microsoft | windows_server_2016 | — | — |
| msrc | windows_10_version_1803_for_32-bit_systems | — | — |
| msrc | windows_10_version_1803_for_arm64-based_systems | — | — |
| msrc | windows_10_version_1803_for_x64-based_systems | — | — |
| msrc | windows_10_version_1809_for_32-bit_systems | — | — |
| msrc | windows_10_version_1809_for_arm64-based_systems | — | — |
| msrc | windows_10_version_1809_for_x64-based_systems | — | — |
| msrc | windows_server_2019 | — | — |
| msrc | windows_server_version_1803 | — | — |
Detection & IOCs
- Vulnerability is triggered via specially crafted DHCP responses sent to a Windows DHCP client; monitor for anomalous or malformed DHCP response packets (DHCP, UDP ports 67/68) targeting Windows clients.
- Attack vector is network-based with no authentication required: a rogue DHCP server or man-in-the-middle on the local network segment can deliver the malicious payload; inspect DHCP traffic for malformed option fields.
- As of the advisory, this vulnerability had not been publicly exploited or disclosed with a working exploit; exploitation was rated 'Less Likely' for both latest and older software releases.
- This CVE is distinct from two related Windows DHCP Client RCE vulnerabilities; ensure detections and patches address all three: CVE-2019-0697, CVE-2019-0698, and CVE-2019-0726.
- Patching requires KB4489868 or KB4489899 depending on the affected Windows version; verify patch applicability before deployment.
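CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| vendor_msrc | — | 9.8 | CRITICAL | — |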
GHSA
GHSA-xfvv-5229-rm3v · CVE-2019-0726 [CRITICAL] CWE-787
ghsa_unreviewed · 2022-05-13 · CVSS 9.8
A memory corruption vulnerability exists in the Windows DHCP client when an attacker sends specially crafted DHCP responses to a client, aka 'Windows DHCP Client Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0697, CVE-2019-0698.
GHSA
GHSA-c773-95pr-cwwc · CVE-2019-0698 [CRITICAL] CWE-787
ghsa_unreviewed · 2022-05-13 · CVSS 9.8
A memory corruption vulnerability exists in the Windows DHCP client when an attacker sends specially crafted DHCP responses to a client, aka 'Windows DHCP Client Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0697, CVE-2019-0726.
GHSA
GHSA-4p2v-3qr6-pv3r · CVE-2019-0697 [CRITICAL] CWE-787
ghsa_unreviewed · 2022-05-13 · CVSS 9.8
A memory corruption vulnerability exists in the Windows DHCP client when an attacker sends specially crafted DHCP responses to a client, aka 'Windows DHCP Client Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0698, CVE-2019-0726.
Microsoft
CVE-2019-0698 [CRITICAL] Windows DHCP Client Remote Code Execution Vulnerability
vendor_msrc · 2019-03-12 · CVSS 9.8
Description: A memory corruption vulnerability exists in the Windows DHCP client when an attacker sends specially crafted DHCP responses to a client. An attacker who successfully exploited the vulnerability could run arbitrary code on the client machine.
To exploit the vulnerability, an attacker could send specially crafted DHCP responses to a client.
The security update addresses the vulnerability by correcting how Windows DHCP clients handle certain DHCP responses.
Windows DHCP Client: Windows DHCP Client
Impact: Remote Code Execution
Exploit Status: Publicly Disclosed: No; Exploited: No; Latest Software Release: Exploitation Less Likely; Older Software Release: Exploitation Less Likely; DOS: N/A
Reference: https://catalog.update.micros
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.