CVE-2019-0709

Опубликовано: 12 июн. 2019

Источник: nvd

CVSS3: 8.4

CVSS3: 7.6

CVSS2: 7.7

EPSS Средний

Описание

A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system that could cause the Hyper-V host operating system to execute arbitrary code. An attacker who successfully exploited the vulnerability could execute arbitrary code on the host operating system. The security update addresses the vulnerability by correcting how Hyper-V validates guest operating system user input.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x64:*

cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x64:*

cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:x64:*

cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:x64:*

cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*

EPSS

Процентиль: 97%

0.40977

Средний

8.4 High

CVSS3

7.6 High

CVSS3

7.7 High

CVSS2

Дефекты

CWE-20

Связанные уязвимости

CVE-2019-0709

CVSS3: 7.6

msrc

около 6 лет назад

Windows Hyper-V Remote Code Execution Vulnerability

GHSA-jw59-w7qw-w79g

CVSS3: 7.6

github

около 3 лет назад

A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Windows Hyper-V Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0620, CVE-2019-0722.

BDU:2019-02256

CVSS3: 7.6

fstec

около 6 лет назад

Уязвимость системы аппаратной виртуализации Hyper-V операционной системы Windows, позволяющая нарушителю выполнить произвольный код в операционной системе хоста

EPSS

Процентиль: 97%

0.40977

Средний

8.4 High

CVSS3

7.6 High

CVSS3

7.7 High

CVSS2

Дефекты

CWE-20