CVE-2019-0734

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2019-0734
An elevation of privilege vulnerability exists in Microsoft Windows when a man-in-the-middle attacker is able to successfully decode and replace authentication request using Kerberos, allowing an attacker to be validated as an Administrator.The update addresses this vulnerability by changing how these requests are validated., aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0936.

8.1 /10

CVSS v3 : HIGH

V3 Legend

Vector : AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability : 2.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

9.3 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0734 Patch Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*
cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*
History

No history.

Information

Published : 2019-05-16 19:29

Updated : 2020-08-24 17:37

NVD link : CVE-2019-0734

Mitre link : CVE-2019-0734

CVE.ORG link : CVE-2019-0734

JSON object : View

Products Affected

microsoft

  • windows_8.1
  • windows_10
  • windows_server_2012
  • windows_rt_8.1
  • windows_7
  • windows_server_2019
  • windows_server_2016
  • windows_server_2008
CWE
NVD-CWE-noinfo