CVE-2019-1171

{"id": "CVE-2019-1171", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "secure@microsoft.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.6, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 4.0, "exploitabilityScore": 1.1}]}, "published": "2019-08-14T21:15:16.097", "references": [{"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1171", "tags": ["Patch", "Vendor Advisory"], "source": "secure@microsoft.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "An information disclosure vulnerability exists in SymCrypt during the OAEP decryption stage. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user\u2019s system.\nTo exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to execute code or to elevate user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system.\nThe update addresses the vulnerability through a software change to the OAEP decoding operations.\n"}, {"lang": "es", "value": "Existe una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n en SymCrypt durante la etapa de descifrado de OAEP, tambi\u00e9n se conoce como \"SymCrypt Information Disclosure Vulnerability\"."}], "lastModified": "2024-05-29T17:16:06.207", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "21540673-614A-4D40-8BD7-3F07723803B0"}, {"criteria": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E01A4CCA-4C43-46E0-90E6-3E4DBFBACD64"}, {"criteria": "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AEE2E768-0F45-46E1-B6D7-087917109D98"}, {"criteria": "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "83B14968-3985-43C3-ACE5-8307196EFAE3"}, {"criteria": "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7CB85C75-4D35-480E-843D-60579EC75FCB"}, {"criteria": "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6B8F3DD2-A145-4AF1-8545-CC42892DA3D1"}, {"criteria": "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3FB5CDAE-C713-4D9D-9D6A-2C2E8924A4BB"}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CAACE735-003E-4ACB-A82E-C0CF97D7F013"}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5B921FDB-8E7D-427E-82BE-4432585080CF"}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968"}], "operator": "OR"}]}], "sourceIdentifier": "secure@microsoft.com"}