CVE-2019-0886 — Improper Input Validation in Microsoft Windows

CWE-20 — Improper Input Validation3 documents3 sources

Severity

6.8MEDIUMNVD

EPSS

1.1%

top 22.39%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Windows Microsoft Windows 10 Version 1903 FOR X64-based Systems Microsoft Windows Server +12 more

Timeline

PublishedMay 16

Latest updateMay 24

Description

An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system, aka 'Windows Hyper-V Information Disclosure Vulnerability'.

CVSS vector

CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:NExploitability: 2.3 | Impact: 4.0

Affected Packages15 packages

▶msrcmsrc/windows_10_version_1607_for_x64-based_systems

▶msrcmsrc/windows_10_version_1703_for_x64-based_systems

▶msrcmsrc/windows_10_version_1709_for_x64-based_systems

▶msrcmsrc/windows_10_version_1803_for_x64-based_systems

▶msrcmsrc/windows_10_version_1809_for_x64-based_systems

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-67wv-vphq-h3gr: An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated↗2022-05-24

▶

📋Vendor Advisories

Microsoft

Windows Hyper-V Information Disclosure Vulnerability↗2019-05-14

▶