Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

CVE-2019-0736

Disclosure Date: August 14, 2019 •

CVE-2019-0736 CVSS v3 Base Score: 9.8

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

A memory corruption vulnerability exists in the Windows DHCP client when an attacker sends specially crafted DHCP responses to a client. An attacker who successfully exploited the vulnerability could run arbitrary code on the client machine.
To exploit the vulnerability, an attacker could send specially crafted DHCP responses to a client.
The security update addresses the vulnerability by correcting how Windows DHCP clients handle certain DHCP responses.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

9.8 Critical

Impact Score:

5.9

Exploitability Score:

3.9

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector (AV):

Network

Attack Complexity (AC):

Low

Privileges Required (PR):

None

User Interaction (UI):

None

Scope (S):

Unchanged

Confidentiality (C):

High

Integrity (I):

High

Availability (A):

High

General Information

Offensive Application

Unknown

Utility Class

Unknown

Ports

Unknown

Vulnerable Versions

Windows 10 Version 1703 publication

Windows 10 Version 1803 publication

Windows Server, version 1803 (Server Core Installation) publication

Windows 10 Version 1709 for 32-bit Systems publication

Windows 10 Version 1709 publication

Windows 10 Version 1507 publication

Windows 10 Version 1607 publication

Windows Server 2016 publication

Windows Server 2016 (Server Core installation) publication

Windows 7 publication

Windows 7 Service Pack 1 publication

Windows 8.1 publication

Windows Server 2008 Service Pack 2 publication

Windows Server 2008 Service Pack 2 (Server Core installation) publication

Windows Server 2008 Service Pack 2 publication

Windows Server 2008 R2 Systems Service Pack 1 publication

Windows Server 2008 R2 Service Pack 1 publication

Windows Server 2008 R2 Service Pack 1 (Server Core installation) publication

Windows Server 2012 publication

Windows Server 2012 (Server Core installation) publication

Windows Server 2012 R2 publication

Windows Server 2012 R2 (Server Core installation) publication

Prerequisites

Unknown

Discovered By

Unknown

PoC Author

Unknown

Metasploit Module

Unknown

Reporter

Unknown

Vendors

microsoft

Products

windows 10 -,
windows 10 1607,
windows 10 1703,
windows 10 1709,
windows 10 1803,
windows 7 -,
windows 8.1 -,
windows rt 8.1 -,
windows server 2008 -,
windows server 2008 r2,
windows server 2012 -,
windows server 2012 r2,
windows server 2016 -,
windows server 2016 1803

References

Canonical

CVE-2019-0736 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0736)

Miscellaneous

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0736

Rapid7

Unknown

CVE-2019-0736

Unknown

Unknown

None

None

Network

CVE-2019-0736

Description

Add Assessment

CVSS V3 Severity and Metrics

General Information

Vendors

Products

References

Canonical

Miscellaneous

Additional Info

Technical Analysis

Unknown

CVE-2019-0736

Unknown

Unknown

None

None

Network

CVE-2019-0736

Description

Add Assessment

CVSS V3 Severity and Metrics

General Information

Vendors

Products

References

Canonical

Miscellaneous

Additional Info

Technical Analysis

Quick Cookie Notification