CVE-2019-1388

HIGHCISA KEV

7.8

Descripcion

An elevation of privilege vulnerability exists in the Windows Certificate Dialog when it does not properly enforce user privileges, aka 'Windows Certificate Dialog Elevation of Privilege Vulnerability'.

Detalles CVE

Puntuacion CVSS v3.17.8

SeveridadHIGH

Vector CVSSCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Vector de ataqueLOCAL

ComplejidadLOW

Privilegios requeridosLOW

Interaccion usuarioNONE

Publicado11/12/2019

Ultima modificacion10/29/2025

Fuentekev

Avistamientos honeypot0

CISA KEV

VendedorMicrosoft

ProductoWindows

Nombre vulnerabilidadMicrosoft Windows Certificate Dialog Privilege Escalation Vulnerability

Fecha inclusion KEV2023-04-07

Fecha limite remediacion2023-04-28

Uso en ransomwareKnown

Productos afectados

microsoft:windows_10_1507microsoft:windows_10_1607microsoft:windows_10_1709microsoft:windows_10_1803microsoft:windows_10_1809microsoft:windows_10_1903microsoft:windows_7microsoft:windows_8.1microsoft:windows_rt_8.1microsoft:windows_server_1903microsoft:windows_server_2008microsoft:windows_server_2012microsoft:windows_server_2016microsoft:windows_server_2019

Debilidades (CWE)

CWE-269CWE-269

Referencias

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1388(secure@microsoft.com)

https://www.zerodayinitiative.com/advisories/ZDI-19-975/(secure@microsoft.com)

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1388(af854a3a-2127-422b-91ae-364da2661108)

https://www.zerodayinitiative.com/advisories/ZDI-19-975/(af854a3a-2127-422b-91ae-364da2661108)

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-1388(134c704f-9b21-4f2e-91b3-4a467353bcc0)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.