CVE-2019-1000
MEDIUMMicrosoft Azure Active Directory Connect 1.3.20.0 - Authenticated Privilege Escalation via PowerShell Cmdlets
Title source: llmDescription
An elevation of privilege vulnerability exists in Microsoft Azure Active Directory Connect build 1.3.20.0, which allows an attacker to execute two PowerShell cmdlets in context of a privileged account, and perform privileged actions.To exploit this, an attacker would need to authenticate to the Azure AD Connect server, aka 'Microsoft Azure AD Connect Elevation of Privilege Vulnerability'.
References (1)
Core 1
Core References
Patch, Vendor Advisory x_refsource_misc
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1000
Scores
CVSS v3
5.3
EPSS
0.0181
EPSS Percentile
75.9%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-269
Status
published
Products (1)
microsoft/azure_active_directory_connect
Published
May 16, 2019
Tracked Since
Feb 18, 2026