Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
kasperskyKaspersky LabKLA11607
HistoryNov 12, 2019 - 12:00 a.m.

KLA11607 Multiple vulnerabilities in Microsoft Developer Tools

2019-11-1200:00:00
Kaspersky Lab
threats.kaspersky.com
13

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:P/A:P

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

6.3 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

54.6%

JSON

Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to gain privileges, obtain sensitive information.

Below is a complete list of vulnerabilities:

  1. An elevation of privilege vulnerability in Visual Studio can be exploited remotely to gain privileges.
  2. An information disclosure vulnerability in Open Enclave SDK can be exploited remotely to obtain sensitive information.

Original advisories

CVE-2019-1425

CVE-2019-1370

Related products

Microsoft-Visual-Studio

CVE list

CVE-2019-1425 high

CVE-2019-1370 warning

KB list

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Impacts

  • OSI

Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.

  • PE

Privilege escalation. Exploitation of vulnerabilities with this impact can lead to performing by abuser actions, which are normally disallowed for current role.

Affected Products

  • Microsoft Visual Studio 2019 version 16.3Microsoft Visual Studio 2019 version 16.0Open Enclave SDKMicrosoft Visual Studio 2017 version 15.9 (includes 15.1 - 15.8)

Related

nvd 2
symantec 2
mscve 2
prion 2
cve 2
cvelist 2
nessus 1
osv 1
talosblog 1
nvd
nvd
CVE-2019-1425
2019-11-12 19:15:14
CVE-2019-1370
2019-11-12 19:15:11
symantec
symantec
Microsoft Visual Studio CVE-2019-1425 Remote Privilege Escalation Vulnerability
2019-11-12 00:00:00
Microsoft Open Enclave SDK CVE-2019-1370 Information Disclosure Vulnerability
2019-11-12 00:00:00
mscve
mscve
Visual Studio Elevation of Privilege Vulnerability
2019-11-12 08:00:00
Open Enclave SDK Information Disclosure Vulnerability
2019-11-12 08:00:00
prion
prion
Privilege escalation
2019-11-12 19:15:00
Information disclosure
2019-11-12 19:15:00
cve
cve
CVE-2019-1425
2019-11-12 19:15:14
CVE-2019-1370
2019-11-12 19:15:11
cvelist
cvelist
CVE-2019-1425
2019-11-12 18:53:08
CVE-2019-1370
2019-11-12 18:52:49
nessus
nessus
Security Updates for Microsoft Visual Studio Products (November 2019)
2019-11-13 00:00:00
osv
osv
CVE-2019-1370
2019-11-12 19:15:11
talosblog
talosblog
Microsoft Patch Tuesday — Nov. 2019: Vulnerability disclosures and Snort coverage
2019-11-12 11:58:09

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:P/A:P

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

6.3 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

54.6%

JSON
Related for KLA11607
nvd2symantec2mscve2prion2cve2cvelist2nessus1osv1talosblog1