CVE-2019-0709
Severity CVSS v4.0:
Pending analysis
Type:
CWE-20
Input Validation
Publication date:
12/06/2019
Last modified:
20/05/2025
Description
A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system that could cause the Hyper-V host operating system to execute arbitrary code.<br />
An attacker who successfully exploited the vulnerability could execute arbitrary code on the host operating system.<br />
The security update addresses the vulnerability by correcting how Hyper-V validates guest operating system user input.
Impact
Base Score 3.x
7.60
Severity 3.x
HIGH
Base Score 2.0
7.70
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x64:* | ||
| cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x64:* | ||
| cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:x64:* | ||
| cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:x64:* | ||
| cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page