CVE-2019-1214
published 2019-09-11

Priority: P279 high · CVSS 3.1: 7.8
AV:L / AC:L / PR:L / UI:N / S:U / C:H / I:H / A:H
KEV: CISA Known Exploited Vulnerability, due 2022-05-03
ITW: Exploited in the wild
EPSS: 1.32% (67.4th percentile)
An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory, aka 'Windows Common Log File System Driver Elevation of Privilege Vulnerability'.

Affected

58 ranges· showing 25
VendorProductVersion rangeFixed in
microsoftwindows
microsoftwindows
microsoftwindows
microsoftwindows
microsoftwindows
microsoftwindows
microsoftwindows
microsoftwindows
microsoftwindows
microsoftwindows
microsoftwindows
microsoftwindows
microsoftwindows
microsoftwindows
microsoftwindows
microsoftwindows
microsoftwindows
microsoftwindows
microsoftwindows
microsoftwindows
microsoftwindows_10_version_1903_for_32-bit_systems
microsoftwindows_10_version_1903_for_arm64-based_systems
microsoftwindows_10_version_1903_for_x64-based_systems
microsoftwindows_server
microsoftwindows_server

Detection & IOCs (extracted from sources)

process: specially crafted application targeting CLFS driver
  • Check Point IPS blade signature name for detection: 'Microsoft Windows Common Log File System Driver Elevation of Privilege (CVE-2019-1214)'
  • Exploitation requires local logon followed by execution of a crafted application; alert on unexpected process elevation from non-privileged user sessions interacting with CLFS driver
  • MSRC exploit status lists 'Exploited: No' for this CVE, contradicting the Krebs and CISA reports of in-the-wild exploitation; treat as exploited in the wild per CISA KEV listing
  • CISA KEV confirms active exploitation and mandates patching; older software releases rated 'Exploitation More Likely' by Microsoft

CVSS provenance

nvd | v3.1 | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd | v2.0 | 7.2 | HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C
vulncheck | 7.8 | HIGH
cisa | 7.8 | HIGH
vendor_redhat | 9.8 | CRITICAL
vendor_msrc | 7.8 | HIGH