CVE-2019-0703
MEDIUM KEVWindows SMB Server - Information Disclosure via Request Handling
Title source: llmExploitation Summary
CVE-2019-0703 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added May 23, 2022.
Description
An information disclosure vulnerability exists in the way that the Windows SMB Server handles certain requests, aka 'Windows SMB Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0704, CVE-2019-0821.
References (2)
Core 2
Core References
US Government Resource
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-0703
Patch, Vendor Advisory x_refsource_confirm
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0703
Scores
CVSS v3
6.5
EPSS
0.1923
EPSS Percentile
95.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
active
Automatable
no
Technical Impact
partial
Details
CISA KEV
2022-05-23
VulnCheck KEV
2019-03-12
InTheWild.io
2019-03-12
ENISA EUVD
EUVD-2019-1463
Status
published
Products (17)
microsoft/windows_10_1507
(2 CPE variants)
microsoft/windows_10_1607
(2 CPE variants)
microsoft/windows_10_1703
(2 CPE variants)
microsoft/windows_10_1709
microsoft/windows_10_1803
microsoft/windows_10_1809
(3 CPE variants)
microsoft/windows_7
microsoft/windows_8.1
microsoft/windows_rt_8.1
microsoft/windows_server_1709
... and 7 more
Published
Apr 09, 2019
KEV Added
May 23, 2022
Tracked Since
Feb 18, 2026