CVE-2019-0965
Severity CVSS v4.0:
Pending analysis
Type:
CWE-20
Input Validation
Publication date:
14/08/2019
Last modified:
01/08/2024
Description
A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system that could cause the Hyper-V host operating system to execute arbitrary code.<br />
An attacker who successfully exploited the vulnerability could execute arbitrary code on the host operating system.<br />
The security update addresses the vulnerability by correcting how Hyper-V validates guest operating system user input.<br />
Impact
Base Score 3.x
7.60
Severity 3.x
HIGH
Base Score 2.0
7.70
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:x64:* | ||
| cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:x64:* | ||
| cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x64:* | ||
| cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:x64:* | ||
| cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:* | ||
| cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:* | ||
| cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page