CVE-2019-0786 — Improper Input Validation in Microsoft Windows

CWE-20 — Improper Input Validation3 documents3 sources

Severity

9.8CRITICALNVD

EPSS

10.7%

top 6.67%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Windows Microsoft Windows Server Microsoft Windows 10 +13 more

Timeline

PublishedApr 9

Latest updateMay 13

Description

An elevation of privilege vulnerability exists in the Microsoft Server Message Block (SMB) Server when an attacker with valid credentials attempts to open a specially crafted file over the SMB protocol on the same machine, aka 'SMB Server Elevation of Privilege Vulnerability'.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages16 packages

▶CVEListV5microsoft/windows_server4 versions+3

▶msrcmsrc/windows_server_2019

▶msrcmsrc/windows_server_version_1709

▶msrcmsrc/windows_server_version_1803

▶CVEListV5microsoft/windows9 versions+8

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-39q2-68cq-xq24: An elevation of privilege vulnerability exists in the Microsoft Server Message Block (SMB) Server when an attacker with valid credentials attempts to↗2022-05-13

▶

📋Vendor Advisories

Microsoft

Hyper-V vSMB Remote Code Execution Vulnerability↗2019-04-09

▶