⚠ Actively exploited in ransomware campaigns
This vulnerability is on the CISA Known Exploited Vulnerabilities list and has been used in known ransomware attacks. CISA required action: Apply updates per vendor instructions.. Due date: 2022-04-05.

CVE-2019-1322Insufficiently Protected Credentials in Microsoft Windows

CWE-522Insufficiently Protected Credentials20 documents12 sources
Severity
7.8HIGHNVD
EPSS
36.5%
top 2.87%
CISA KEV
KEVRansomware
Added 2022-03-15
Due 2022-04-05
Exploit
Exploited in wild
Active exploitation observed
Affected products
7
Microsoft WindowsMicrosoft Windows 10 Version 1903 FOR 32-bit SystemsMicrosoft Windows 10 Version 1903 FOR Arm64-based Systems+4 more
Timeline
PublishedOct 10
KEV addedMar 15
KEV dueApr 5
Latest updateMay 24
CISA Required Action: Apply updates per vendor instructions.

Description

An elevation of privilege vulnerability exists when Windows improperly handles authentication requests, aka 'Microsoft Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1320, CVE-2019-1340.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages7 packages

CVEListV5microsoft/windows11 versions+10
NVDmicrosoft/windows1803, 1903+1
NVDmicrosoft/windows_105 versions+4
CVEListV5microsoft/windows_server2019, 2019 (Core installation), version 1803 (Core Installation)+2

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

7
GHSA
GHSA-r6r9-m794-3hcj: An elevation of privilege vulnerability exists in Windows AppX Deployment Server that allows file creation in arbitrary locations2022-05-24
GHSA
GHSA-44h5-7p9r-q2m9: An elevation of privilege vulnerability exists when Windows improperly handles authentication requests, aka 'Microsoft Windows Elevation of Privilege2022-05-24
GHSA
GHSA-8m7x-67r8-gpmw: An elevation of privilege vulnerability exists when Windows improperly handles authentication requests, aka 'Microsoft Windows Elevation of Privilege2022-05-24
CVEList
CVE-2019-1320: An elevation of privilege vulnerability exists when Windows improperly handles authentication requests, aka 'Microsoft Windows Elevation of Privilege2019-10-10
CVEList
CVE-2019-1322: An elevation of privilege vulnerability exists when Windows improperly handles authentication requests, aka 'Microsoft Windows Elevation of Privilege2019-10-10

💥Exploits & PoCs

3
Exploit-DB
Microsoft UPnP - Local Privilege Elevation (Metasploit)2019-12-30
Exploit-DB
Microsoft Windows 10 Build 1803 < 1903 - 'COMahawk' Local Privilege Escalation2019-11-14
Metasploit
Microsoft UPnP Local Privilege Elevation Vulnerability

📋Vendor Advisories

3
CISA
Microsoft Windows Privilege Escalation Vulnerability2022-03-15
Microsoft
Microsoft Windows Elevation of Privilege Vulnerability2019-10-08
Red Hat
jenkins-credentials-plugin: Certificate file read vulnerability in Credentials Plugin (SECURITY-1322)2019-05-21

🕵️Threat Intelligence

3
Tenable
ContiLeaks: Chats Reveal Over 30 Vulnerabilities Used by Conti Ransomware – How Tenable Can Help2022-03-24
Talos
Microsoft Patch Tuesday — Oct. 2019: Vulnerability disclosures and Snort coverage2019-10-08
Talos
Microsoft Patch Tuesday — Oct. 2019: Vulnerability disclosures and Snort coverage2019-10-08

💬Community

1
Bugzilla
CVE-2019-10320 jenkins-credentials-plugin: Certificate file read vulnerability in Credentials Plugin (SECURITY-1322)2019-05-27
CVE-2019-1322 — Insufficiently Protected Credentials | cvebase