Attacker Value
High
(1 user assessed)
Exploitability
Low
(1 user assessed)
User Interaction
None
Privileges Required
Low
Attack Vector
Local
0

CVE-2019-0841: AppXSvc Hard Link Privilege Escalation

Disclosure Date: April 09, 2019
Exploited in the Wild
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka ‘Windows Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2019-0730, CVE-2019-0731, CVE-2019-0796, CVE-2019-0805, CVE-2019-0836.

Add Assessment

2
Ratings
  • Attacker Value
    High
  • Exploitability
    Low
Technical Analysis

This vulnerability allows for taking over SYSTEM-owned files. Getting an elevated shell takes more effort, either by exposing the DiagHub service, which will willingly load a file from System32 with SYSTEM privileges or by combing the target for a service that loads a dll as SYSTEM. Exploitability is variable due to those reasons, but ultimately this is a useful vulnerability. Effort to execute this exploit is rated higher due to shell access being a prerequisite.

There is even a bypass for this vulnerability’s patch: CVE-2019-1064.

CVSS V3 Severity and Metrics
Base Score:
7.8 High
Impact Score:
5.9
Exploitability Score:
1.8
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector (AV):
Local
Attack Complexity (AC):
Low
Privileges Required (PR):
Low
User Interaction (UI):
None
Scope (S):
Unchanged
Confidentiality (C):
High
Integrity (I):
High
Availability (A):
High

General Information

Vendors

  • microsoft

Products

  • windows 10 1703,
  • windows 10 1709,
  • windows 10 1803,
  • windows 10 1809,
  • windows server 2016 1803,
  • windows server 2019 -

Exploited in the Wild

Reported by:

Additional Info

Technical Analysis