CVE-2019-1397 — Improper Input Validation in Microsoft Windows
Severity
8.4HIGHNVD
EPSS
1.0%
top 22.93%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedNov 12
Latest updateMay 24
Description
A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Windows Hyper-V Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1389, CVE-2019-1398.
CVSS vector
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:HExploitability: 1.7 | Impact: 6.0
Affected Packages5 packages
Patches
🔴Vulnerability Details
6GHSA▶
GHSA-f4wh-c3m6-3xxv: A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a gu↗2022-05-24
GHSA▶
GHSA-hwxc-7rw6-2gqf: A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a gu↗2022-05-24
GHSA▶
GHSA-mccc-vqrp-w855: A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a gu↗2022-05-24
CVEList▶
CVE-2019-1398: A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a gu↗2019-11-12
CVEList▶
CVE-2019-1397: A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a gu↗2019-11-12
📋Vendor Advisories
1🕵️Threat Intelligence
7Qualys▶
November 2019 Patch Tuesday – 74 vulns, 13 Critical, Actively Attacked IE vuln, Hyper-V escapes, Adobe↗2019-11-12