CVE-2019-0714 — Vulnetix

Try Vulnetix Request Demo

CVE-2019-0714 PUBLISHED CVSS 5.599999904632568 MEDIUM

An information disclosure vulnerability exists when certain central processing units (CPU) speculatively access memory. An attacker who successfully exploited the vulnerability could read privileged data across trust boundaries. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to elevate user rights directly, but it could be used to obtain information that could be used to try to compromise the affected system further. On January 3, 2018, Microsoft released an advisory and security updates related to a newly-discovered class of hardware vulnerabilities (known as Spectre) involving speculative execution side channels that affect AMD, ARM, and Intel CPUs to varying degrees. This vulnerability, released on August 6, 2019, is a variant of the Spectre Variant 1 speculative execution side channel vulnerability and has been assigned CVE-2019-1125. Microsoft released a security update on July 9, 2019 that addresses the vulnerability through a software change that mitigates how the CPU speculatively accesses memory. Note that this vulnerability does not require a microcode update from your device OEM.

EPSS 1.02% · 77.1th percentile

Risk Scores

CVSS v3.1

5.599999904632568

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:P/RL:O/RC:C

EPSS Score

1.02%

77.1th percentile

Affected Products

Vendor	Product	Versions
Microsoft	Windows Server 2008 Service Pack 2 (Server Core installation)	6.0.0
Microsoft	Windows Server 2012 (Server Core installation)	6.2.0
Microsoft	Windows Server, version 1903 (Server Core installation)	10.0.0
Microsoft	Windows 10 Version 1809	10.0.0
Microsoft	Windows Server 2008 R2 Service Pack 1	6.1.0
Microsoft	Windows 10 Version 1607	10.0.0
Microsoft	Windows Server 2016 (Server Core installation)	10.0.0
Microsoft	Windows 10 Version 1709	10.0.0
Microsoft	Windows Server 2016	10.0.0
Microsoft	Windows 10 Version 1709 for 32-bit Systems	10.0.0
Microsoft	Windows 7 Service Pack 1	6.1.0
Microsoft	Windows 10 Version 1703	10.0.0
Microsoft	Windows 10 Version 1507	10.0.0
Microsoft	Windows Server 2012 R2 (Server Core installation)	6.3.0
Microsoft	Windows Server 2008 Service Pack 2	6.0.0
Microsoft	Windows Server 2019	10.0.0
Microsoft	Windows Server, version 1803 (Server Core Installation)	10.0.0
Microsoft	Windows 7	6.1.0
Microsoft	Windows 10 Version 1903 for ARM64-based Systems	10.0.0
Microsoft	Windows Server 2008 Service Pack 2	6.0.0

…and 9 more

Timeline

Aug 14, 2019 CVE Published
Apr 14, 2021 EPSS Score
Jun 22, 2021 EPSS Score
Aug 23, 2021 EPSS Score
Oct 24, 2021 EPSS Score
Jan 6, 2022 EPSS Score
Feb 4, 2022 EPSS Score
Feb 25, 2022 EPSS Score
Apr 28, 2022 EPSS Score
Jun 29, 2022 EPSS Score
Aug 31, 2022 EPSS Score
Nov 1, 2022 EPSS Score

References

https://portal.msrc.microsoft.com/fr-FR/security-guidance advisory
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1125 url
https://www.synology.com/security/advisory/Synology_SA_19_32 url
RHSA-2019:2600 vendor-advisory
RHSA-2019:2609 vendor-advisory
RHSA-2019:2695 vendor-advisory
RHSA-2019:2696 vendor-advisory
RHSA-2019:2730 vendor-advisory
https://kc.mcafee.com/corporate/index?page=content&id=SB10297 url
RHSA-2019:2900 vendor-advisory
RHSA-2019:2899 vendor-advisory
RHSA-2019:2975 vendor-advisory
RHSA-2019:3011 vendor-advisory
RHBA-2019:2824 vendor-advisory
RHSA-2019:3220 vendor-advisory
RHBA-2019:3248 vendor-advisory
http://packetstormsecurity.com/files/156337/SWAPGS-Attack-Proof-Of-Concept.html url
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200408-01-swapgs-en url

Open in Interactive Console →