Lucene search

MicrosoftCVE-2019-1425

HistoryNov 12, 2019 - 7:15 p.m.

CVE-2019-1425

2019-11-1219:15:14

CWE-59

microsoft

web.nvd.nist.gov

cve

2019

1425

elevation of privilege

visual studio

nvd

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:P/A:P

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

EPSS

0.002

Percentile

54.6%

JSON

An elevation of privilege vulnerability exists when Visual Studio fails to properly validate hardlinks while extracting archived files, aka ‘Visual Studio Elevation of Privilege Vulnerability’.

Affected configurations

Nvd

Vulners

Node

microsoftvisual_studio_2017Match15.9

microsoftvisual_studio_2019Match16.0

microsoftvisual_studio_2019Match16.3

VendorProductVersionCPE
microsoftvisual_studio_201715.9cpe:2.3:a:microsoft:visual_studio_2017:15.9:*:*:*:*:*:*:*
microsoftvisual_studio_201916.0cpe:2.3:a:microsoft:visual_studio_2019:16.0:*:*:*:*:*:*:*
microsoftvisual_studio_201916.3cpe:2.3:a:microsoft:visual_studio_2019:16.3:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
microsoft	visual_studio_2017	15.9	cpe:2.3:a:microsoft:visual_studio_2017:15.9:::::::*
microsoft	visual_studio_2019	16.0	cpe:2.3:a:microsoft:visual_studio_2019:16.0:::::::*
microsoft	visual_studio_2019	16.3	cpe:2.3:a:microsoft:visual_studio_2019:16.3:::::::*

CNA Affected

[
  {
    "product": "Microsoft Visual Studio 2017",
    "vendor": "Microsoft",
    "versions": [
      {
        "status": "affected",
        "version": "version 15.9"
      }
    ]
  },
  {
    "product": "Microsoft Visual Studio 2019",
    "vendor": "Microsoft",
    "versions": [
      {
        "status": "affected",
        "version": "16.0"
      },
      {
        "status": "affected",
        "version": "16.3"
      }
    ]
  }
]