#VU21685 Man-in-the-Middle (MitM) attack in Windows and Windows Server - CVE-2019-1338

 

Published: October 9, 2019


Vulnerability identifier: #VU21685
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2019-1338
CWE-ID: CWE-300
Exploitation vector: Adjacent network
Exploit availability: No public exploit available
Vulnerable software:
Windows
Windows Server
Software vendor:
Microsoft

Description

The vulnerability allows a remote attacker to tamper with the NTLMv2 exchange.

The vulnerability exists due to an insufficient integrity check of NTLMv2 packets when the client also sends LMv2 responses. A remote attacker who is able to modify the NTLM traffic exchange can bypass the NTLMv2 protection and gain the ability to downgrade NTLM security features.
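The condition named above (a client sending an LMv2 response alongside NTLMv2) can be checked in a captured AUTHENTICATE_MESSAGE. The following is an added example, not code from this advisory or from Microsoft; the field layout follows MS-NLMP, the function names are hypothetical, and the sample messages are constructed. It treats an all-zero 24-byte LM field as "no LMv2 response" and flags only the precondition, not exploitation.

```python
import struct

SIGNATURE = b"NTLMSSP\x00"
AUTHENTICATE = 3  # MessageType of AUTHENTICATE_MESSAGE

def _field(msg: bytes, pos: int) -> bytes:
    """Read a (Len, MaxLen, BufferOffset) descriptor and return the bytes it points to."""
    length, _maxlen, offset = struct.unpack_from("<HHI", msg, pos)
    if offset + length > len(msg):
        raise ValueError("field points outside the message")
    return msg[offset:offset + length]

def lmv2_sent_with_ntlmv2(msg: bytes) -> bool:
    """True if the message carries a non-zero LMv2 response next to an NTLMv2 response."""
    if len(msg) < 64 or msg[:8] != SIGNATURE:
        raise ValueError("not an NTLMSSP message")
    if struct.unpack_from("<I", msg, 8)[0] != AUTHENTICATE:
        raise ValueError("not an AUTHENTICATE_MESSAGE")
    lm = _field(msg, 12)  # LmChallengeResponseFields
    nt = _field(msg, 20)  # NtChallengeResponseFields
    # NTLMv2: 16-byte NTProofStr, then a client challenge with RespType=1, HiRespType=1
    is_ntlmv2 = len(nt) > 24 and nt[16:18] == b"\x01\x01"
    # LMv2 is 24 bytes; all zeros means the client suppressed it
    has_lmv2 = len(lm) == 24 and any(lm)
    return is_ntlmv2 and has_lmv2

def build_sample(lm: bytes, nt: bytes) -> bytes:
    """Constructed test message: 88-byte header (with Version and MIC), then LM and NT payloads."""
    hdr_len = 88
    fields = struct.pack("<HHI", len(lm), len(lm), hdr_len)
    fields += struct.pack("<HHI", len(nt), len(nt), hdr_len + len(lm))
    # Empty domain, user, workstation and session-key fields
    fields += struct.pack("<HHI", 0, 0, hdr_len + len(lm) + len(nt)) * 4
    header = SIGNATURE + struct.pack("<I", AUTHENTICATE) + fields
    header += struct.pack("<I", 0) + bytes(8) + bytes(16)  # NegotiateFlags, Version, MIC
    return header + lm + nt

if __name__ == "__main__":
    ntlmv2 = b"\xaa" * 16 + b"\x01\x01" + bytes(30)  # constructed NTLMv2-shaped response
    for label, lm in (("LMv2 present", b"\x11" * 24), ("LMv2 zeroed", bytes(24))):
        print(label, "->", lmv2_sent_with_ntlmv2(build_sample(lm, ntlmv2)))
```
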


Remediation

Install updates from the vendor's website.
