Vulnerability Name:
CVE-2019-1334 (CCN-167489)
Assigned:
2018-11-26
Published:
2019-10-08
Updated:
2019-10-15
Summary:
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from
CVE-2019-1345
.
CVSS v3 Severity:
5.5 Medium
(CVSS v3.1 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
)
4.8 Medium
(Temporal CVSS v3.1 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
)
Exploitability Metrics:
Attack Vector (AV):
Local
Attack Complexity (AC):
Low
Privileges Required (PR):
Low
User Interaction (UI):
None
Scope:
Scope (S):
Unchanged
Impact Metrics:
Confidentiality (C):
High
Integrity (I):
None
Availibility (A):
None
4.7 Medium
(CCN CVSS v3.1 Vector:
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
)
4.1 Medium
(CCN Temporal CVSS v3.1 Vector:
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
)
Exploitability Metrics:
Attack Vector (AV):
Local
Attack Complexity (AC):
High
Privileges Required (PR):
Low
User Interaction (UI):
None
Scope:
Scope (S):
Unchanged
Impact Metrics:
Confidentiality (C):
High
Integrity (I):
None
Availibility (A):
None
CVSS v2 Severity:
2.1 Low
(CVSS v2 Vector:
AV:L/AC:L/Au:N/C:P/I:N/A:N
)
Exploitability Metrics:
Access Vector (AV):
Local
Access Complexity (AC):
Low
Authentication (Au):
None
Impact Metrics:
Confidentiality (C):
Partial
Integrity (I):
None
Availibility (A):
None
3.8 Low
(CCN CVSS v2 Vector:
AV:L/AC:H/Au:S/C:C/I:N/A:N
)
Exploitability Metrics:
Access Vector (AV):
Local
Access Complexity (AC):
High
Athentication (Au):
Single_Instance
Impact Metrics:
Confidentiality (C):
Complete
Integrity (I):
None
Availibility (A):
None
Vulnerability Type:
CWE-200
Vulnerability Consequences:
Obtain Information
References:
Source: MITRE
Type: CNA
CVE-2019-1334
Source: XF
Type: UNKNOWN
ms-kernel-cve20191334-info-disc(167489)
Source: CCN
Type: Microsoft Security TechCenter - October 2019
Windows Kernel Information Disclosure Vulnerability
Source: MISC
Type: Patch, Vendor Advisory
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1334
Vulnerable Configuration:
Configuration 1
:
cpe:/o:microsoft:windows_10:-:*:*:*:*:*:*:*
OR
cpe:/o:microsoft:windows_10:1607:*:*:*:*:*:*:*
OR
cpe:/o:microsoft:windows_10:1703:*:*:*:*:*:*:*
OR
cpe:/o:microsoft:windows_10:1709:*:*:*:*:*:*:*
OR
cpe:/o:microsoft:windows_10:1803:*:*:*:*:*:*:*
OR
cpe:/o:microsoft:windows_10:1809:*:*:*:*:*:*:*
OR
cpe:/o:microsoft:windows_10:1903:*:*:*:*:*:*:*
OR
cpe:/o:microsoft:windows_7:-:sp1:*:*:*:*:*:*
OR
cpe:/o:microsoft:windows_8.1:-:*:*:*:*:*:*:*
OR
cpe:/o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*
OR
cpe:/o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
OR
cpe:/o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
OR
cpe:/o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*
OR
cpe:/o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*
OR
cpe:/o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*
OR
cpe:/o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*
Configuration CCN 1
:
cpe:/o:microsoft:windows_8.1:-:-:-:*:-:-:x32:*
OR
cpe:/o:microsoft:windows_8.1:*:*:*:*:*:*:x64:*
OR
cpe:/o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
OR
cpe:/o:microsoft:windows_rt_8.1:*:*:*:*:*:*:*:*
OR
cpe:/o:microsoft:windows_10:-:*:*:*:*:*:x32:*
OR
cpe:/o:microsoft:windows_10:*:*:*:*:*:*:x64:*
OR
cpe:/o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*
OR
cpe:/o:microsoft:windows_server:1803:*:*:*:*:*:*:*
OR
cpe:/o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*
OR
cpe:/o:microsoft:windows_10:-:*:*:*:*:*:arm64:*
OR
cpe:/o:microsoft:windows_server:1903:*:*:*:*:*:*:*
Denotes that component is vulnerable
BACK
microsoft
windows 10 -
microsoft
windows 10 1607
microsoft
windows 10 1703
microsoft
windows 10 1709
microsoft
windows 10 1803
microsoft
windows 10 1809
microsoft
windows 10 1903
microsoft
windows 7 - sp1
microsoft
windows 8.1 -
microsoft
windows rt 8.1 -
microsoft
windows server 2012 -
microsoft
windows server 2012 r2
microsoft
windows server 2016 -
microsoft
windows server 2016 1803
microsoft
windows server 2016 1903
microsoft
windows server 2019 -
microsoft
windows 8.1 - -
microsoft
windows 8.1 *
microsoft
windows server 2012 r2
microsoft
windows rt 8.1 *
microsoft
windows 10 -
microsoft
windows 10 *
microsoft
windows server 2016
microsoft
windows server 1803
microsoft
windows server 2019
microsoft
windows 10 -
microsoft
windows server 1903