cvelistv5 - cve-2019-1232

cve-2019-1232

Vulnerability from cvelistv5

Published
2019-09-11 21:24
Modified
2024-08-04 18:13
Severity
Summary
An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly impersonates certain file operations, aka 'Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability'.
References
Source	URL	Tags
secure@microsoft.com	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1232	Patch, Vendor Advisory
Impacted products
Vendor	Product
Microsoft	Microsoft Visual Studio
Microsoft	Windows
Microsoft	Windows Server
Microsoft	Microsoft Visual Studio 2017
Microsoft	Windows 10 Version 1903 for 32-bit Systems
Microsoft	Windows 10 Version 1903 for x64-based Systems
Microsoft	Windows 10 Version 1903 for ARM64-based Systems
Microsoft	Windows Server, version 1903 (Server Core installation)
Microsoft	Microsoft Visual Studio 2019
Show details on NVD website
JSON
To clipboard
{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T18:13:29.614Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1232"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Microsoft Visual Studio",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "2015 Update 3"
            }
          ]
        },
        {
          "product": "Windows",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "10 for 32-bit Systems"
            },
            {
              "status": "affected",
              "version": "10 for x64-based Systems"
            },
            {
              "status": "affected",
              "version": "10 Version 1607 for 32-bit Systems"
            },
            {
              "status": "affected",
              "version": "10 Version 1607 for x64-based Systems"
            },
            {
              "status": "affected",
              "version": "10 Version 1703 for 32-bit Systems"
            },
            {
              "status": "affected",
              "version": "10 Version 1703 for x64-based Systems"
            },
            {
              "status": "affected",
              "version": "10 Version 1709 for 32-bit Systems"
            },
            {
              "status": "affected",
              "version": "10 Version 1709 for x64-based Systems"
            },
            {
              "status": "affected",
              "version": "10 Version 1803 for 32-bit Systems"
            },
            {
              "status": "affected",
              "version": "10 Version 1803 for x64-based Systems"
            },
            {
              "status": "affected",
              "version": "10 Version 1803 for ARM64-based Systems"
            },
            {
              "status": "affected",
              "version": "10 Version 1809 for 32-bit Systems"
            },
            {
              "status": "affected",
              "version": "10 Version 1809 for x64-based Systems"
            },
            {
              "status": "affected",
              "version": "10 Version 1809 for ARM64-based Systems"
            },
            {
              "status": "affected",
              "version": "10 Version 1709 for ARM64-based Systems"
            }
          ]
        },
        {
          "product": "Windows Server",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "2016"
            },
            {
              "status": "affected",
              "version": "2016  (Core installation)"
            },
            {
              "status": "affected",
              "version": "version 1803  (Core Installation)"
            },
            {
              "status": "affected",
              "version": "2019"
            },
            {
              "status": "affected",
              "version": "2019  (Core installation)"
            }
          ]
        },
        {
          "product": "Microsoft Visual Studio 2017",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "version 15.9"
            },
            {
              "status": "affected",
              "version": "15.0"
            }
          ]
        },
        {
          "product": "Windows 10 Version 1903 for 32-bit Systems",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Windows 10 Version 1903 for x64-based Systems",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Windows 10 Version 1903 for ARM64-based Systems",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Windows Server, version 1903 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Microsoft Visual Studio 2019",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "16.0"
            },
            {
              "status": "affected",
              "version": "16.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly impersonates certain file operations, aka \u0027Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability\u0027."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Elevation of Privilege",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-09-11T21:24:58",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1232"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2019-1232",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Microsoft Visual Studio",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2015 Update 3"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Windows",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "10 for 32-bit Systems"
                          },
                          {
                            "version_value": "10 for x64-based Systems"
                          },
                          {
                            "version_value": "10 Version 1607 for 32-bit Systems"
                          },
                          {
                            "version_value": "10 Version 1607 for x64-based Systems"
                          },
                          {
                            "version_value": "10 Version 1703 for 32-bit Systems"
                          },
                          {
                            "version_value": "10 Version 1703 for x64-based Systems"
                          },
                          {
                            "version_value": "10 Version 1709 for 32-bit Systems"
                          },
                          {
                            "version_value": "10 Version 1709 for x64-based Systems"
                          },
                          {
                            "version_value": "10 Version 1803 for 32-bit Systems"
                          },
                          {
                            "version_value": "10 Version 1803 for x64-based Systems"
                          },
                          {
                            "version_value": "10 Version 1803 for ARM64-based Systems"
                          },
                          {
                            "version_value": "10 Version 1809 for 32-bit Systems"
                          },
                          {
                            "version_value": "10 Version 1809 for x64-based Systems"
                          },
                          {
                            "version_value": "10 Version 1809 for ARM64-based Systems"
                          },
                          {
                            "version_value": "10 Version 1709 for ARM64-based Systems"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Windows Server",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2016"
                          },
                          {
                            "version_value": "2016  (Core installation)"
                          },
                          {
                            "version_value": "version 1803  (Core Installation)"
                          },
                          {
                            "version_value": "2019"
                          },
                          {
                            "version_value": "2019  (Core installation)"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft Visual Studio 2017",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "version 15.9"
                          },
                          {
                            "version_value": "15.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Windows 10 Version 1903 for 32-bit Systems",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Windows 10 Version 1903 for x64-based Systems",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Windows 10 Version 1903 for ARM64-based Systems",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Windows Server, version 1903 (Server Core installation)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft Visual Studio 2019",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "16.0"
                          },
                          {
                            "version_value": "16.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Microsoft"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly impersonates certain file operations, aka \u0027Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability\u0027."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Elevation of Privilege"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1232",
              "refsource": "MISC",
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1232"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2019-1232",
    "datePublished": "2019-09-11T21:24:58",
    "dateReserved": "2018-11-26T00:00:00",
    "dateUpdated": "2024-08-04T18:13:29.614Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2019-1232\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2019-09-11T22:15:15.100\",\"lastModified\":\"2020-09-14T12:59:41.430\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly impersonates certain file operations, aka \u0027Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability\u0027.\"},{\"lang\":\"es\",\"value\":\"Se presenta una vulnerabilidad de elevaci\u00f3n de privilegios cuando el Diagnostics Hub Standard Collector Service suplanta inapropiadamente ciertas operaciones de archivo, tambi\u00e9n se conoce como \\\"Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability\\\".\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:P/I:P/A:P\",\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\",\"baseScore\":4.6},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.9,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"21540673-614A-4D40-8BD7-3F07723803B0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E01A4CCA-4C43-46E0-90E6-3E4DBFBACD64\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AEE2E768-0F45-46E1-B6D7-087917109D98\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"83B14968-3985-43C3-ACE5-8307196EFAE3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7CB85C75-4D35-480E-843D-60579EC75FCB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6B8F3DD2-A145-4AF1-8545-CC42892DA3D1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3FB5CDAE-C713-4D9D-9D6A-2C2E8924A4BB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CAACE735-003E-4ACB-A82E-C0CF97D7F013\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5B921FDB-8E7D-427E-82BE-4432585080CF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DB79EE26-FC32-417D-A49C-A1A63165A968\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:visual_studio:2015:update3:*:*:*:*:*:*\",\"matchCriteriaId\":\"62FE95C2-066B-491D-82BF-3EF173822B2F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:visual_studio_2017:15.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"08A58739-CD5F-45F6-BDA3-14069413B66D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:visual_studio_2017:15.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6290EF90-AB91-4990-8D44-4F64F49AE133\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:visual_studio_2019:16.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3886D126-9ADC-4AAF-8169-70F3DE3A7773\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:visual_studio_2019:16.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FE087F4D-F5FC-4286-B559-AE5C0E448D27\"}]}]}],\"references\":[{\"url\":\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1232\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}"
  }
}
Action not permitted

cve-2019-1232

Vulnerability from cvelistv5

ghsa-w64g-6fpq-3hxr

Vulnerability from github

gsd-2019-1232

Vulnerability from gsd

Tags
