CVE-2019-1405

HIGHCISA KEV

7.8

Beschreibung

An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly allows COM object creation, aka 'Windows UPnP Service Elevation of Privilege Vulnerability'.

CVE Details

CVSS v3.1 Bewertung7.8

SchweregradHIGH

CVSS VektorCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AngriffsvektorLOCAL

KomplexitatLOW

Erforderliche PrivilegienLOW

BenutzerinteraktionNONE

Veroffentlicht11/12/2019

Zuletzt geandert10/29/2025

Quellekev

Honeypot-Sichtungen0

CISA KEV

HerstellerMicrosoft

ProduktWindows

SchwachstellennameMicrosoft Windows Universal Plug and Play (UPnP) Service Privilege Escalation Vulnerability

KEV Aufnahmedatum2022-03-15

Behebungsfrist2022-04-05

Ransomware-NutzungKnown

Betroffene Produkte

microsoft:windows_10_1507microsoft:windows_10_1607microsoft:windows_10_1709microsoft:windows_10_1803microsoft:windows_10_1809microsoft:windows_10_1903microsoft:windows_7microsoft:windows_8.1microsoft:windows_rt_8.1microsoft:windows_server_1803microsoft:windows_server_1903microsoft:windows_server_2008microsoft:windows_server_2012microsoft:windows_server_2016microsoft:windows_server_2019

Schwachen (CWE)

CWE-269

Referenzen

http://packetstormsecurity.com/files/155723/Microsoft-UPnP-Local-Privilege-Elevation.html(secure@microsoft.com)

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1405(secure@microsoft.com)

http://packetstormsecurity.com/files/155723/Microsoft-UPnP-Local-Privilege-Elevation.html(af854a3a-2127-422b-91ae-364da2661108)

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1405(af854a3a-2127-422b-91ae-364da2661108)

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-1405(134c704f-9b21-4f2e-91b3-4a467353bcc0)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.