cbcvebase.
CVE-2019-1213
published 2019-08-14

Priority P259 · critical 9.8 · CVSS 3.1
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 4.25% (89.8th percentile)

A memory corruption vulnerability exists in the Windows Server DHCP service when an attacker sends specially crafted packets to a DHCP server. An attacker who successfully exploited the vulnerability could run arbitrary code on the DHCP server. To exploit the vulnerability, an attacker could send a specially crafted packet to a DHCP server. The security update addresses the vulnerability by correcting how DHCP servers handle network packets.

Affected

4 ranges
Vendor     Product                                                       Version range           Fixed in
microsoft  windows_server_2008_service_pack_2                            >= 6.0.0 < publication  publication
msrc       windows_server_2008_for_32-bit_systems_service_pack_2
msrc       windows_server_2008_for_itanium-based_systems_service_pack_2
msrc       windows_server_2008_for_x64-based_systems_service_pack_2

Detection & IOCs (extracted from sources)

  • Target service is Windows Server DHCP; monitor for specially crafted/malformed packets sent to the DHCP server as the attack vector
  • Attack is network-based and unauthenticated — no prior access required; DHCP server exposure on the network is sufficient for exploitation
  • Exploitation results in memory corruption leading to arbitrary code execution on the DHCP server; alert on unexpected process spawning from the DHCP service (dhcpserver.exe)
  • As of advisory publication, the vulnerability had not been publicly disclosed or observed exploited in the wild, reducing immediate threat urgency but not eliminating risk
  • Exploitation likelihood for older software releases is rated 'Less Likely'; no exploitation rating provided for latest software release

CVSS provenance

nvd          v3.1  9.8  CRITICAL  CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd          v2.0  7.5  HIGH      AV:N/AC:L/Au:N/C:P/I:P/A:P
vendor_msrc        9.8  CRITICAL