Buffer overflow in Windows Server - CVE-2019-1206

 


Published: August 13, 2019


Vulnerability identifier: #VU20202
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2019-1206
CWE-ID: CWE-119
Exploitation vector: Adjacent network
Exploit availability: No public exploit available
Vendor: Microsoft
Affected software:
Windows Server

Detailed vulnerability description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within the Windows Server DHCP service when an attacker sends specially crafted packets to a DHCP failover server. A remote attacker can send a specially crafted request to the affected service, trigger memory corruption and perform a denial of service attack.

Note: the DHCP server must be set to failover mode for the attack to succeed.
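
Because only servers in failover mode are affected, an inventory of failover relationships shows which DHCP servers to patch first. The script below is an added example, not part of the original advisory; it assumes the Microsoft DhcpServer PowerShell module (RSAT) is installed and that the account can query each server, and the function name Get-DhcpFailoverExposure is hypothetical.

```powershell
# Added example (not from the advisory): report which DHCP servers have an
# IPv4 failover relationship, the precondition named in the note above.
# Assumes the DhcpServer module (RSAT) and read access to each server.
Import-Module DhcpServer -ErrorAction Stop

function Get-DhcpFailoverExposure {   # hypothetical helper name
    param(
        # Defaults to the DHCP servers authorized in Active Directory.
        [string[]]$ComputerName = (Get-DhcpServerInDC).DnsName
    )

    foreach ($server in $ComputerName) {
        try {
            $relationships = @(Get-DhcpServerv4Failover -ComputerName $server -ErrorAction Stop)
        }
        catch {
            # Unreachable or access denied: report as unknown, do not assume safe.
            [pscustomobject]@{
                Server = $server; FailoverConfigured = $null
                Relationship = $null; Partner = $null; Mode = $null; State = $null
                Error = $_.Exception.Message
            }
            continue
        }

        if ($relationships.Count -eq 0) {
            # No failover relationship: the stated precondition is not met.
            [pscustomobject]@{
                Server = $server; FailoverConfigured = $false
                Relationship = $null; Partner = $null; Mode = $null; State = $null
                Error = $null
            }
            continue
        }

        foreach ($rel in $relationships) {
            [pscustomobject]@{
                Server = $server; FailoverConfigured = $true
                Relationship = $rel.Name; Partner = $rel.PartnerServer
                Mode = $rel.Mode; State = $rel.State
                Error = $null
            }
        }
    }
}

Get-DhcpFailoverExposure |
    Sort-Object FailoverConfigured -Descending |
    Format-Table -AutoSize
```

Servers reported with FailoverConfigured set to True meet the precondition and are the ones to prioritise for the vendor update; rows with an Error value need a manual check.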


How to mitigate CVE-2019-1206

Install the update from the vendor's website.
