CVE-2019-0688

EUVD-2019-1448
An information disclosure vulnerability exists when the Windows TCP/IP stack improperly handles fragmented IP packets, aka 'Windows TCP/IP Information Disclosure Vulnerability'.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 91%
Affected Products (NVD)
VendorProductVersion
microsoftwindows_10
-
microsoftwindows_8.1
-
microsoftwindows_rt_8.1
-
microsoftwindows_server_2012
-
microsoftwindows_server_2016
-
microsoftwindows_server_2019
-
𝑥
= Vulnerable software versions
Windows Releases
Platform
Version
Windows 10
(x64, x86)
KB4493475
1607 (x64, x86)
KB4493470
1703 (x64, x86)
KB4493474
1709 (arm64, x64, x86)
KB4493441
1803 (arm64, x64, x86)
KB4493464
1809 (arm64, x64, x86)
KB4493509
Windows 8.1
(x64, x86)
KB4493467
Windows RT 8.1
All
KB4493446
Windows Server
1709 Server Core
KB4493441
1803 Server Core
KB4493464
Windows Server 2012
Server Core
KB4493451
Standard
KB4493451
Windows Server 2012 R2
Server Core
KB4493467
Standard
KB4493467
Windows Server 2016
Server Core
KB4493470
Standard
KB4493470
Windows Server 2019
Server Core
KB4493509
Standard
KB4493509
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/107685
https://arxiv.org/pdf/1906.10478.pdf
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0688
http://www.securityfocus.com/bid/107685
https://arxiv.org/pdf/1906.10478.pdf
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0688