CVE-2019-1470Improper Input Validation in Microsoft Windows

CWE-20Improper Input ValidationCWE-200Sensitive Information Exposure14 documents6 sources
Severity
6.0MEDIUMNVD
EPSS
0.9%
top 24.31%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
8
Microsoft WindowsMicrosoft Windows 10 Version 1903 FOR X64-based SystemsMicrosoft Windows 10 Version 1909 FOR X64-based Systems+5 more
Timeline
PublishedDec 10
Latest updateMay 24

Description

An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system, aka 'Windows Hyper-V Information Disclosure Vulnerability'.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:NExploitability: 1.5 | Impact: 4.0

Affected Packages6 packages

CVEListV5microsoft/windows7 versions+6
NVDmicrosoft/windows4 versions+3
NVDmicrosoft/windows_106 versions+5

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

2
GHSA
GHSA-frv3-8pxq-29h4: An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated2022-05-24
CVEList
CVE-2019-1470: An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated2019-12-10

📋Vendor Advisories

1
Microsoft
Windows Hyper-V Information Disclosure Vulnerability2019-12-10

🕵️Threat Intelligence

10
Trendmicro
December Patch Tuesday: Fixes for components, RDP2019-12-11
Trendmicro
December Patch Tuesday: Fixes for components, RDP2019-12-11
Trendmicro
December Patch Tuesday: Fixes for components, RDP2019-12-11
Trendmicro
December Patch Tuesday: Fixes for components, RDP2019-12-11
Trendmicro
December Patch Tuesday: Fixes for components, RDP2019-12-11
CVE-2019-1470 — Improper Input Validation in Microsoft | cvebase