CVE-2019-1213 - OpenCVE

A memory corruption vulnerability exists in the Windows Server DHCP service when an attacker sends specially crafted packets to a DHCP server. An attacker who successfully exploited the vulnerability could run arbitrary code on the DHCP server. To exploit the vulnerability, an attacker could send a specially crafted packet to a DHCP server. The security update addresses the vulnerability by correcting how DHCP servers handle network packets.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Microsoft	Windows Server 2008

Configuration 1 [-]

cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*

References

Link	Resource
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1213	Patch Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: microsoft

Published: 2019-08-14T20:55:05

Updated: 2024-05-29T16:51:08.579Z

Reserved: 2018-11-26T00:00:00

Link: CVE-2019-1213

JSON object: View

NVD Information

Status : Modified

Published: 2019-08-14T21:15:18.470

Modified: 2024-05-29T17:16:14.080

Link: CVE-2019-1213

JSON object: View

Redhat Information

No data.

CWE

CWE-787

{"containers": {"cna": {"title": "Windows DHCP Server Remote Code Execution Vulnerability", "datePublic": "2019-08-13T07:00:00+00:00", "affected": [{"vendor": "Microsoft", "product": "Windows Server 2008 Service Pack 2", "cpes": ["cpe:2.3:o:microsoft:windows_server_2008_sp2:*:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:itanium:*"], "platforms": ["32-bit Systems", "IA64-based Systems"], "versions": [{"version": "6.0.0", "lessThan": "publication", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Windows Server 2008 Service Pack 2 (Server Core installation)", "cpes": ["cpe:2.3:o:microsoft:windows_server_2008_sp2:*:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2008_sp2:*:*:*:*:*:*:x86:*"], "platforms": ["32-bit Systems", "x64-based Systems"], "versions": [{"version": "6.0.0", "lessThan": "publication", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Windows Server 2008 Service Pack 2", "cpes": ["cpe:2.3:o:microsoft:windows_server_2008_sp2:*:*:*:*:*:*:x86:*"], "platforms": ["x64-based Systems"], "versions": [{"version": "6.0.0", "lessThan": "publication", "versionType": "custom", "status": "affected"}]}], "descriptions": [{"value": "A memory corruption vulnerability exists in the Windows Server DHCP service when an attacker sends specially crafted packets to a DHCP server. An attacker who successfully exploited the vulnerability could run arbitrary code on the DHCP server.\nTo exploit the vulnerability, an attacker could send a specially crafted packet to a DHCP server.\nThe security update addresses the vulnerability by correcting how DHCP servers handle network packets.\n", "lang": "en-US"}], "problemTypes": [{"descriptions": [{"description": "Remote Code Execution", "lang": "en-US", "type": "Impact"}]}], "providerMetadata": {"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft", "dateUpdated": "2024-05-29T16:51:08.579Z"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1213"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "baseSeverity": "CRITICAL", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C"}}]}}, "cveMetadata": {"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2019-1213", "datePublished": "2019-08-14T20:55:05", "dateReserved": "2018-11-26T00:00:00", "dateUpdated": "2024-05-29T16:51:08.579Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A memory corruption vulnerability exists in the Windows Server DHCP service when an attacker sends specially crafted packets to a DHCP server. An attacker who successfully exploited the vulnerability could run arbitrary code on the DHCP server.\nTo exploit the vulnerability, an attacker could send a specially crafted packet to a DHCP server.\nThe security update addresses the vulnerability by correcting how DHCP servers handle network packets.\n"}, {"lang": "es", "value": "Existe una vulnerabilidad de corrupci\u00f3n de memoria en el servicio DHCP de Windows Server cuando un atacante env\u00eda paquetes especialmente dise\u00f1ados hacia un servidor DHCP, tambi\u00e9n se conoce como \"Windows DHCP Server Remote Code Execution Vulnerability\"."}], "id": "CVE-2019-1213", "lastModified": "2024-05-29T17:16:14.080", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "secure@microsoft.com", "type": "Primary"}]}, "published": "2019-08-14T21:15:18.470", "references": [{"source": "secure@microsoft.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1213"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}