Lucene search

[email protected]NVD:CVE-2019-0720

HistoryAug 14, 2019 - 9:15 p.m.

CVE-2019-0720

2019-08-1421:15:12

CWE-20

[email protected]

web.nvd.nist.gov

CVSS2

7.7

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:A/AC:L/Au:S/C:C/I:C/A:C

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

AI Score

8.9

Confidence

High

EPSS

0.005

Percentile

76.7%

JSON

A remote code execution vulnerability exists when Windows Hyper-V Network Switch on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system that could cause the Hyper-V host operating system to execute arbitrary code.
An attacker who successfully exploited the vulnerability could execute arbitrary code on the host operating system.
The security update addresses the vulnerability by correcting how Windows Hyper-V Network Switch validates guest operating system network traffic.

Affected configurations

Nvd

Node

microsoftwindows_10Match-x64

microsoftwindows_10Match1607x64

microsoftwindows_10Match1703x64

microsoftwindows_10Match1709x64

microsoftwindows_10Match1803x64

microsoftwindows_10Match1809x64

microsoftwindows_7Match-sp1x64

microsoftwindows_8.1Match-x64

microsoftwindows_server_2008Match-sp2x64

microsoftwindows_server_2008Matchr2sp1x64

microsoftwindows_server_2012Match-

microsoftwindows_server_2012Matchr2

microsoftwindows_server_2016Match-

microsoftwindows_server_2016Match1803

microsoftwindows_server_2019Match-

VendorProductVersionCPE
microsoftwindows_10-cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x64:*
microsoftwindows_101607cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x64:*
microsoftwindows_101703cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:x64:*
microsoftwindows_101709cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:x64:*
microsoftwindows_101803cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:x64:*
microsoftwindows_101809cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x64:*
microsoftwindows_7-cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x64:*
microsoftwindows_8.1-cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x64:*
microsoftwindows_server_2008-cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*
microsoftwindows_server_2008r2cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*

Vendor	Product	Version	CPE
microsoft	windows_10	-	cpe:2.3:o:microsoft:windows_10:-::::::x64:
microsoft	windows_10	1607	cpe:2.3:o:microsoft:windows_10:1607::::::x64:
microsoft	windows_10	1703	cpe:2.3:o:microsoft:windows_10:1703::::::x64:
microsoft	windows_10	1709	cpe:2.3:o:microsoft:windows_10:1709::::::x64:
microsoft	windows_10	1803	cpe:2.3:o:microsoft:windows_10:1803::::::x64:
microsoft	windows_10	1809	cpe:2.3:o:microsoft:windows_10:1809::::::x64:
microsoft	windows_7	-	cpe:2.3:o:microsoft:windows_7:-:sp1:::::x64:*
microsoft	windows_8.1	-	cpe:2.3:o:microsoft:windows_8.1:-::::::x64:
microsoft	windows_server_2008	-	cpe:2.3:o:microsoft:windows_server_2008:-:sp2:::::x64:*
microsoft	windows_server_2008	r2	cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:::::x64:*