CVE-2019-1254

Published Sep 11, 2019

Last updated 4 years ago

CVSS medium 5.5

Overview

Description: An information disclosure vulnerability exists when Windows Hyper-V writes uninitialized memory to disk, aka 'Windows Hyper-V Information Disclosure Vulnerability'.
Source: secure@microsoft.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 5.5
Impact score: 3.6
Exploitability score: 1.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 2.1
Impact score: 2.9
Exploitability score: 3.9
Vector string: AV:L/AC:L/Au:N/C:P/I:N/A:N

Weaknesses

nvd@nist.gov: CWE-908

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x64:*",
            "vulnerable": true,
            "matchCriteriaId": "897A48D7-FCA1-4560-AFBB-718AF19BA3A2"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:x64:*",
            "vulnerable": true,
            "matchCriteriaId": "2704BDB7-C9DC-42A6-925D-798568E22D6D"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:x64:*",
            "vulnerable": true,
            "matchCriteriaId": "1B3308A0-1699-4A4A-8D6B-AB4E4C825C95"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:x64:*",
            "vulnerable": true,
            "matchCriteriaId": "1981BA0D-0920-40C0-8A6A-5D5A1B221560"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x64:*",
            "vulnerable": true,
            "matchCriteriaId": "6CF580BA-6938-40F6-9D86-F43044A6BACA"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:x64:*",
            "vulnerable": true,
            "matchCriteriaId": "2487AF09-F003-482A-BD42-31F6AEAA033F"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CAACE735-003E-4ACB-A82E-C0CF97D7F013"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5B921FDB-8E7D-427E-82BE-4432585080CF"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References