CVE-2019-1206

HIGH

Windows Server 2012, 2016, 2019 - Denial of Service via DHCP Failover Packet Handling

Title source: llm
STIX 2.1

Description

A memory corruption vulnerability exists in the Windows Server DHCP service when an attacker sends specially crafted packets to a DHCP failover server. An attacker who successfully exploited the vulnerability could cause the DHCP service to become nonresponsive. To exploit the vulnerability, an attacker could send a specially crafted packet to a DHCP server. However, the DHCP server must be set to failover mode for the attack to succeed. The security update addresses the vulnerability by correcting how DHCP failover servers handle network packets.

References (1)

Core 1
Core References

Scores

CVSS v3 7.5
EPSS 0.0530
EPSS Percentile 91.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE
CWE-787
Status published
Products (6)
microsoft/windows_server_2012
microsoft/windows_server_2012 r2
microsoft/windows_server_2016
microsoft/windows_server_2016 1803
microsoft/windows_server_2016 1903
microsoft/windows_server_2019
Published Aug 14, 2019
Tracked Since Feb 18, 2026