| Severity | Medium |
| Patch available | YES |
| Number of vulnerabilities | 2 |
| CVE ID | CVE-2019-0975 CVE-2019-1126 |
| CVSSv3 |
3.7 [CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C] 4.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C] |
| CWE ID |
CWE-399 CWE-799 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
Windows Server |
| Vulnerable software versions |
Windows Server 2016 Windows Server 2019 Windows Server 1803 Windows Server 1903 Windows Server 2012 R2 |
| Vendor URL | Microsoft |
The vulnerability allows a remote attacker to bypass certain security restrictions.
The vulnerability exists due to the way Active Directory Federation Services (ADFS) performs updates for the list of banned IP addresses. A remote attacker can convince the ADFS administrator to update a list of banned IP addresses and bypass security restrictions
RemediationInstall updates from vendor's website.
External linkshttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0975
The vulnerability allows a remote attacker to bypass certain security restrictions.
The vulnerability exists due to the way Active Directory Federation Services (ADFS) handles external authentication requests. A remote attacker can perform a brute-force attack and cause account lockouts in Active Directory.
RemediationInstall updates from vendor's website.
External linkshttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1126