CVE-2019-1253

HIGH KEV RANSOMWARE

Microsoft Windows 10 1703 - Symlink Following

Title source: rule

Description

An elevation of privilege vulnerability exists when the Windows AppX Deployment Server improperly handles junctions.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1215, CVE-2019-1278, CVE-2019-1303.

Exploits (5)

exploitdb WORKING POC
by Gabor Seljan · textlocalwindows
https://www.exploit-db.com/exploits/47389
nomisec WORKING POC 155 stars
by padovah4ck · local
https://github.com/padovah4ck/CVE-2019-1253
nomisec WORKING POC 50 stars
by rogue-kdc · local
https://github.com/rogue-kdc/CVE-2019-1253
nomisec WORKING POC 20 stars
by sgabe · local
https://github.com/sgabe/CVE-2019-1253
nomisec WORKING POC
by likekabin · poc
https://github.com/likekabin/CVE-2019-1253

References (3)

Scores

CVSS v3 7.8
EPSS 0.3194
EPSS Percentile 96.8%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CISA KEV 2022-03-15
VulnCheck KEV 2022-03-15
InTheWild.io 2022-02-27
ENISA EUVD EUVD-2019-9819
Ransomware Use Confirmed
CWE
CWE-59
Status published
Products (8)
microsoft/windows_10_1703 (2 CPE variants)
microsoft/windows_10_1709 (3 CPE variants)
microsoft/windows_10_1803 (3 CPE variants)
microsoft/windows_10_1809 (3 CPE variants)
microsoft/windows_10_1903 (3 CPE variants)
microsoft/windows_server_1803
microsoft/windows_server_1903
microsoft/windows_server_2019
Published Sep 11, 2019
KEV Added Mar 15, 2022
Tracked Since Feb 18, 2026