Vulnerability Details CVE-2019-1405
An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly allows COM object creation, aka 'Windows UPnP Service Elevation of Privilege Vulnerability'.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.6
EPSS Ranking 98.1%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 7.2
Proposed Action
A privilege escalation vulnerability exists when the Windows UPnP service improperly allows COM object creation.
Ransomware Campaign
Known
References
- http://packetstormsecurity.com/files/155723/Microsoft-UPnP-Local-Privilege-Elevation.html
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1405
- http://packetstormsecurity.com/files/155723/Microsoft-UPnP-Local-Privilege-Elevation.html
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1405
Products affected by CVE-2019-1405
-
cpe:2.3:o:microsoft:windows_10_1507:-
-
cpe:2.3:o:microsoft:windows_10_1607:-
-
cpe:2.3:o:microsoft:windows_10_1709:-
-
cpe:2.3:o:microsoft:windows_10_1803:-
-
cpe:2.3:o:microsoft:windows_10_1809:-
-
cpe:2.3:o:microsoft:windows_10_1903:-
-
cpe:2.3:o:microsoft:windows_7:-
-
cpe:2.3:o:microsoft:windows_8.1:-
-
cpe:2.3:o:microsoft:windows_rt_8.1:-
-
cpe:2.3:o:microsoft:windows_server_1803:-
-
cpe:2.3:o:microsoft:windows_server_1903:-
-
cpe:2.3:o:microsoft:windows_server_2008:-
-
cpe:2.3:o:microsoft:windows_server_2008:r2
-
cpe:2.3:o:microsoft:windows_server_2012:-
-
cpe:2.3:o:microsoft:windows_server_2012:r2
-
cpe:2.3:o:microsoft:windows_server_2016:-
-
cpe:2.3:o:microsoft:windows_server_2019:-