CVE-2019-1214
HIGH KEVWindows Common Log File System Driver - Elevation of Privilege via Improper Memory Object Handling
Title source: llmExploitation Summary
CVE-2019-1214 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added November 3, 2021.
Description
An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory, aka 'Windows Common Log File System Driver Elevation of Privilege Vulnerability'.
References (2)
Core 2
Core References
Patch, Vendor Advisory x_refsource_misc
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1214
US Government Resource
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-1214
Scores
CVSS v3
7.8
EPSS
0.0368
EPSS Percentile
88.2%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
active
Automatable
no
Technical Impact
total
Details
CISA KEV
2021-11-03
VulnCheck KEV
2019-09-10
InTheWild.io
2021-07-23
ENISA EUVD
EUVD-2019-9782
CWE
CWE-119
Status
published
Products (18)
microsoft/windows_10_1507
(2 CPE variants)
microsoft/windows_10_1607
(2 CPE variants)
microsoft/windows_10_1703
(2 CPE variants)
microsoft/windows_10_1709
(3 CPE variants)
microsoft/windows_10_1803
(3 CPE variants)
microsoft/windows_10_1809
(3 CPE variants)
microsoft/windows_10_1903
(3 CPE variants)
microsoft/windows_7
microsoft/windows_8.1
microsoft/windows_rt_8.1
... and 8 more
Published
Sep 11, 2019
KEV Added
Nov 03, 2021
Tracked Since
Feb 18, 2026