mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-28 01:02:25 +00:00
199 lines
7.1 KiB
JSON
199 lines
7.1 KiB
JSON
{
|
|
"id": "CVE-2019-1214",
|
|
"sourceIdentifier": "secure@microsoft.com",
|
|
"published": "2019-09-11T22:15:14.523",
|
|
"lastModified": "2020-08-24T17:37:01.140",
|
|
"vulnStatus": "Analyzed",
|
|
"cisaExploitAdd": "2021-11-03",
|
|
"cisaActionDue": "2022-05-03",
|
|
"cisaRequiredAction": "Apply updates per vendor instructions.",
|
|
"cisaVulnerabilityName": "Microsoft Windows Common Log File System (CLFS) Driver Vulnerability",
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory, aka 'Windows Common Log File System Driver Elevation of Privilege Vulnerability'."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "Se presenta una vulnerabilidad de elevaci\u00f3n de privilegios cuando el controlador de Windows Common Log File System (CLFS) maneja inapropiadamente los objetos en la memoria, tambi\u00e9n se conoce como \"Windows Common Log File System Driver Elevation of Privilege Vulnerability\"."
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV31": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "3.1",
|
|
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
|
|
"attackVector": "LOCAL",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "LOW",
|
|
"userInteraction": "NONE",
|
|
"scope": "UNCHANGED",
|
|
"confidentialityImpact": "HIGH",
|
|
"integrityImpact": "HIGH",
|
|
"availabilityImpact": "HIGH",
|
|
"baseScore": 7.8,
|
|
"baseSeverity": "HIGH"
|
|
},
|
|
"exploitabilityScore": 1.8,
|
|
"impactScore": 5.9
|
|
}
|
|
],
|
|
"cvssMetricV2": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "2.0",
|
|
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
|
|
"accessVector": "LOCAL",
|
|
"accessComplexity": "LOW",
|
|
"authentication": "NONE",
|
|
"confidentialityImpact": "COMPLETE",
|
|
"integrityImpact": "COMPLETE",
|
|
"availabilityImpact": "COMPLETE",
|
|
"baseScore": 7.2
|
|
},
|
|
"baseSeverity": "HIGH",
|
|
"exploitabilityScore": 3.9,
|
|
"impactScore": 10.0,
|
|
"acInsufInfo": false,
|
|
"obtainAllPrivilege": false,
|
|
"obtainUserPrivilege": false,
|
|
"obtainOtherPrivilege": false,
|
|
"userInteractionRequired": false
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "NVD-CWE-noinfo"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "21540673-614A-4D40-8BD7-3F07723803B0"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "E01A4CCA-4C43-46E0-90E6-3E4DBFBACD64"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "AEE2E768-0F45-46E1-B6D7-087917109D98"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "83B14968-3985-43C3-ACE5-8307196EFAE3"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "7CB85C75-4D35-480E-843D-60579EC75FCB"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "6B8F3DD2-A145-4AF1-8545-CC42892DA3D1"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "3FB5CDAE-C713-4D9D-9D6A-2C2E8924A4BB"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*",
|
|
"matchCriteriaId": "C2B1C231-DE19-4B8F-A4AA-5B3A65276E46"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "E93068DB-549B-45AB-8E5C-00EB5D8B5CF8"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "C6CE5198-C498-4672-AF4C-77AB4BE06C5C"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
|
|
"matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*",
|
|
"matchCriteriaId": "B320A104-9037-487E-BC9A-62B4A6B49FD0"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
|
|
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "CAACE735-003E-4ACB-A82E-C0CF97D7F013"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "5B921FDB-8E7D-427E-82BE-4432585080CF"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1214",
|
|
"source": "secure@microsoft.com",
|
|
"tags": [
|
|
"Patch",
|
|
"Vendor Advisory"
|
|
]
|
|
}
|
|
]
|
|
} |