Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).
CVE-2019-1019 — Sensitive Information Exposure in Microsoft Windows 10 Version 1507
Severity
8.5HIGHNVD
EPSS
2.8%
top 13.90%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
Timeline
PublishedJun 12
Latest updateMay 24
Description
A security feature bypass vulnerability exists where a NETLOGON message is able to obtain the session key and sign messages.
To exploit this vulnerability, an attacker could send a specially crafted authentication request. An attacker who successfully exploited this vulnerability could access another machine using the original user privileges.
The issue has been addressed by changing how NTLM validates network authentication messages.
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:HExploitability: 1.8 | Impact: 6.0
Affected Packages22 packages
Patches
🔴Vulnerability Details
2💥Exploits & PoCs
1Exploit-DB▶
Microsoft Windows 10.0.17134.648 - HTTP -> SMB NTLM Reflection Leads to Privilege Elevation↗2019-07-12