CVE-2019-0975: Improper Restriction of Excessive Authentication Attempts in Windows Server 2019

Severity: 6.3 MEDIUM
NVD: 5.3
EPSS: 1.8% (top 17.28%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Jul 15
Latest update: May 24

Description

A security feature bypass vulnerability exists when Active Directory Federation Services (ADFS) improperly updates its list of banned IP addresses. To exploit this vulnerability, an attacker would have to convince a victim ADFS administrator to update the list of banned IP addresses. This security update corrects how ADFS updates its list of banned IP addresses, aka 'ADFS Security Feature Bypass Vulnerability'. This CVE ID is unique from CVE-2019-1126.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Exploitability: 2.8 | Impact: 3.4

Affected Packages: 6 packages

Patches

Vulnerability Details (2)

GHSA GHSA-xppj-j5qj-xhcx: A security feature bypass vulnerability exists when Active Directory Federation Services (ADFS) improperly updates its list of banned IP addresses (2022-05-24)
GHSA GHSA-7f55-8m7r-49x9: A security feature bypass vulnerability exists in Active Directory Federation Services (ADFS) which could allow an attacker to bypass the extranet loc (2022-05-24)

Vendor Advisories (1)

Microsoft: ADFS Security Feature Bypass Vulnerability (2019-07-09)