⚠ Actively exploited in ransomware campaigns

This vulnerability is on the CISA Known Exploited Vulnerabilities list and has been used in known ransomware attacks. CISA required action: Apply updates per vendor instructions.. Due date: 2022-04-05.

CVE-2019-1405 — Improper Privilege Management in Microsoft Windows

CWE-269 — Improper Privilege Management12 documents10 sources

Severity

7.8HIGHNVD

EPSS

53.9%

top 1.99%

CISA KEV

KEVRansomware

Added 2022-03-15

Due 2022-04-05

Exploit

Exploited in wild

Active exploitation observed

Affected products

Microsoft Windows Microsoft Windows 10 Version 1903 FOR 32-bit Systems Microsoft Windows 10 Version 1903 FOR Arm64-based Systems +4 more

Timeline

PublishedNov 12

KEV addedMar 15

KEV dueApr 5

Latest updateMay 24

CISA Required Action: Apply updates per vendor instructions.

Description

An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly allows COM object creation, aka 'Windows UPnP Service Elevation of Privilege Vulnerability'.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages6 packages

▶CVEListV5microsoft/windows18 versions+17

▶NVDmicrosoft/windowsr2

▶CVEListV5microsoft/windows_server17 versions+16

▶CVEListV5microsoft/windows_10_version_1903_for_32-bit_systemsunspecified

▶CVEListV5microsoft/windows_10_version_1903_for_x64-based_systemsunspecified

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-jc5j-4728-w8pc: An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly allows COM object creation, aka 'Win↗2022-05-24

▶

CVEList

CVE-2019-1405: An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly allows COM object creation, aka 'Win↗2019-11-12

▶

VulnCheck

Microsoft Windows Universal Plug and Play (UPnP) Service Privilege Escalation Vulnerability↗2019

▶

💥Exploits & PoCs

Exploit-DB

Microsoft UPnP - Local Privilege Elevation (Metasploit)↗2019-12-30

▶

Exploit-DB

Microsoft Windows 10 Build 1803 < 1903 - 'COMahawk' Local Privilege Escalation↗2019-11-14

▶

Metasploit

Microsoft UPnP Local Privilege Elevation Vulnerability↗

▶

📋Vendor Advisories

CISA

Microsoft Windows Universal Plug and Play (UPnP) Service Privilege Escalation Vulnerability↗2022-03-15

▶

Microsoft

Windows UPnP Service Elevation of Privilege Vulnerability↗2019-11-12

▶

🕵️Threat Intelligence

Tenable

ContiLeaks: Chats Reveal Over 30 Vulnerabilities Used by Conti Ransomware – How Tenable Can Help↗2022-03-24

▶

Talos

Microsoft Patch Tuesday — Nov. 2019: Vulnerability disclosures and Snort coverage↗2019-11-12

▶

Talos

Microsoft Patch Tuesday — Nov. 2019: Vulnerability disclosures and Snort coverage↗2019-11-12

▶