CVE-2019-0703
Published: 09 April 2019
Summary
CVE-2019-0703 is a medium-severity an unspecified weakness vulnerability in Microsoft Windows 10 1809. Its CVSS base score is 6.5 (Medium).
Operationally, ranked in the top 4.5% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-4 (Information Flow Enforcement) and SI-2 (Flaw Remediation).
Deeper analysis
An information disclosure vulnerability exists in the way that the Windows SMB Server handles certain requests. This affects the Server Message Block component in Windows and is tracked separately from the related issues CVE-2019-0704 and CVE-2019-0821. The flaw carries a CVSS 3.1 score of 6.5 reflecting network attack vector, low complexity, and low privileges required.
An authenticated attacker with network access can send specially crafted requests to disclose sensitive information from the target system, with no user interaction needed and no impact on integrity or availability.
Microsoft has published security guidance and patches for the issue through its MSRC advisory portal. The vulnerability is also catalogued by CISA as one known to have been exploited in the wild.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2019-1463
Vulnerability details
An information disclosure vulnerability exists in the way that the Windows SMB Server handles certain requests, aka 'Windows SMB Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0704, CVE-2019-0821.
- CWE(s)
- KEV Date Added
- 23 May 2022
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly requires applying the vendor patch that eliminates the SMB request-handling flaw enabling the information disclosure.
Enforces information-flow rules on SMB sessions so that crafted requests from an authenticated user cannot leak data outside authorized channels.
Explicitly monitors systems for anomalous information disclosure patterns that would be triggered by exploitation of this SMB vulnerability.