cbcvebase.
CVE-2019-0698
published 2019-04-09

Priority: P271 | critical | 9.8 (CVSS 3.0)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 62.85% (99.1th percentile)

A memory corruption vulnerability exists in the Windows DHCP client when an attacker sends specially crafted DHCP responses to a client, aka 'Windows DHCP Client Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0697, CVE-2019-0726.

Affected

20 ranges
Vendor | Product | Version range | Fixed in
microsoft | windows | |
microsoft | windows | |
microsoft | windows | |
microsoft | windows | |
microsoft | windows | |
microsoft | windows | |
microsoft | windows_10 | |
microsoft | windows_10 | |
microsoft | windows_server | |
microsoft | windows_server | |
microsoft | windows_server | |
microsoft | windows_server_2016 | |
msrc | windows_10_version_1803_for_32-bit_systems | |
msrc | windows_10_version_1803_for_arm64-based_systems | |
msrc | windows_10_version_1803_for_x64-based_systems | |
msrc | windows_10_version_1809_for_32-bit_systems | |
msrc | windows_10_version_1809_for_arm64-based_systems | |
msrc | windows_10_version_1809_for_x64-based_systems | |
msrc | windows_server_2019 | |
msrc | windows_server_version_1803 | |

Detection & IOCs (extracted from sources)

  • Vulnerability is triggered via specially crafted DHCP responses sent to a Windows DHCP client; monitor for anomalous or malformed DHCP response packets (DHCP port 67/68 UDP) targeting Windows clients
  • Attack vector is network-based with no authentication required — a rogue DHCP server or man-in-the-middle on the local network segment can deliver the malicious payload; inspect DHCP traffic for malformed option fields
  • As of the advisory, this vulnerability had NOT been publicly exploited or disclosed with a working exploit; exploitation was rated 'Less Likely' for both latest and older software releases
  • This CVE is distinct from two related Windows DHCP Client RCE vulnerabilities; ensure detections and patches address all three: CVE-2019-0697, CVE-2019-0698, and CVE-2019-0726
  • Patching requires KB4489868 or KB4489899 depending on the affected Windows version; verify patch applicability before deployment

CVSS provenance

nvd | v3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P
vendor_msrc | | 9.8 | CRITICAL |