TROYANOSYVIRUS
Volver a CVEs

CVE-2019-0543

HIGHCISA KEV
7.8

Descripcion

An elevation of privilege vulnerability exists when Windows improperly handles authentication requests, aka "Microsoft Windows Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.

Detalles CVE

Puntuacion CVSS v3.17.8
SeveridadHIGH
Vector CVSSCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vector de ataqueLOCAL
ComplejidadLOW
Privilegios requeridosLOW
Interaccion usuarioNONE
Publicado1/8/2019
Ultima modificacion1/14/2026
Fuentekev
Avistamientos honeypot0

CISA KEV

VendedorMicrosoft
ProductoWindows
Nombre vulnerabilidadMicrosoft Windows Privilege Escalation Vulnerability
Fecha inclusion KEV2022-03-15
Fecha limite remediacion2022-04-05
Uso en ransomwareKnown

Productos afectados

microsoft:windows_10_1507microsoft:windows_10_1607microsoft:windows_10_1703microsoft:windows_10_1709microsoft:windows_10_1803microsoft:windows_10_1809microsoft:windows_7microsoft:windows_8.1microsoft:windows_rt_8.1microsoft:windows_server_1709microsoft:windows_server_1803microsoft:windows_server_2008microsoft:windows_server_2012microsoft:windows_server_2016microsoft:windows_server_2019

Debilidades (CWE)

CWE-287CWE-287

Referencias

http://www.securityfocus.com/bid/106408(secure@microsoft.com)
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0543(secure@microsoft.com)
https://www.exploit-db.com/exploits/46156/(secure@microsoft.com)
http://www.securityfocus.com/bid/106408(af854a3a-2127-422b-91ae-364da2661108)
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0543(af854a3a-2127-422b-91ae-364da2661108)
https://www.exploit-db.com/exploits/46156/(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-0543(134c704f-9b21-4f2e-91b3-4a467353bcc0)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.