CVE-2019-1399 — Improper Input Validation in Microsoft Windows

CWE-20 — Improper Input Validation18 documents8 sources

Severity

6.8MEDIUMNVD

NVD6.2

EPSS

0.6%

top 30.91%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Windows Microsoft Windows 10 Version 1903 FOR X64-based Systems Microsoft Windows Server +4 more

Timeline

PublishedNov 12

Latest updateMay 24

Description

A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0712, CVE-2019-1309, CVE-2019-1310.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:HExploitability: 1.7 | Impact: 4.0

Affected Packages5 packages

▶CVEListV5microsoft/windows_server13 versions+12

▶CVEListV5microsoft/windows_10_version_1903_for_x64-based_systemsunspecified

▶CVEListV5microsoft/windows7 versions+6

▶NVDmicrosoft/windowsr2, 1803, 1903+2

▶NVDmicrosoft/windows_105 versions+4

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-73hp-87pm-246v: A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged use↗2022-05-24

▶

GHSA

GHSA-j8v8-39p3-x83f: A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest op↗2022-05-24

▶

GHSA

GHSA-jvxc-cf42-9cxc: A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged use↗2022-05-24

▶

GHSA

GHSA-rjvq-8jhg-x247: A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged use↗2022-05-24

▶

CVEList

CVE-2019-1399: A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest op↗2019-11-12

▶

📋Vendor Advisories

Microsoft

Windows Hyper-V Denial of Service Vulnerability↗2019-11-12

▶

🕵️Threat Intelligence

Talos

Microsoft Patch Tuesday — Nov. 2019: Vulnerability disclosures and Snort coverage↗2019-11-12

▶

Talos

Microsoft Patch Tuesday — Nov. 2019: Vulnerability disclosures and Snort coverage↗2019-11-12

▶

Tenable

Microsoft's November 2019 Patch Tuesday: Tenable Roundup↗2019-11-12

▶

💬Community

Bugzilla

CVE-2019-10337 jenkins-plugin-token-macro: XML External Entity processing the ${XML} macro↗2019-06-12

▶