CVE-2019-0551 : A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from

A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka "Windows Hyper-V Remote Code Execution Vulnerability." This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10 Servers. This CVE ID is unique from CVE-2019-0550.

Published 2019-01-08 21:29:01

Updated 2019-01-14 17:55:35

Source Microsoft Corporation

View at NVD, CVE.org

Vulnerability category: Input validationExecute code

Exploit prediction scoring system (EPSS) score for CVE-2019-0551

Probability of exploitation activity in the next 30 days: 0.48%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 75 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2019-0551

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.7	HIGH	AV:A/AC:L/Au:S/C:C/I:C/A:C	5.1	10.0	NIST
Access Vector: Adjacent Network Access Complexity: Low Authentication: Single Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete
8.4	HIGH	CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H	1.7	6.0	NIST
Attack Vector: Adjacent Network Attack Complexity: Low Privileges Required: High User Interaction: None Scope: Changed Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2019-0551

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2019-0551

http://www.securityfocus.com/bid/106386

Microsoft Windows Hyper-V CVE-2019-0551 Remote Code Execution Vulnerability
Third Party Advisory;VDB Entry
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0551

CVE-2019-0551 - Security Update Guide - Microsoft - Windows Hyper-V Remote Code Execution Vulnerability
Patch;Vendor Advisory

Products affected by CVE-2019-0551

Microsoft » Windows 10 » Version: 1607
cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows 10 » Version: 1703
cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows 10 » Version: 1709
cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows 10 » Version: 1803
cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows 10 » Version: 1809
cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2016 » Version: N/A
cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2016 » Version: 1709
cpe:2.3:o:microsoft:windows_server_2016:1709:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2016 » Version: 1803
cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2019 » Version: N/A
cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2019-0551

Exploit prediction scoring system (EPSS) score for CVE-2019-0551

CVSS scores for CVE-2019-0551

CWE ids for CVE-2019-0551

References for CVE-2019-0551

Products affected by CVE-2019-0551