Windows Admin Center
CVE-2019-0813
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
An elevation of privilege vulnerability exists when Windows Admin Center improperly impersonates operations in certain situations, aka 'Windows Admin Center Elevation of Privilege Vulnerability'.
AnalysisAI
An elevation of privilege vulnerability exists when Windows Admin Center improperly impersonates operations in certain situations, aka 'Windows Admin Center Elevation of Privilege Vulnerability'. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Technical ContextAI
An elevation of privilege vulnerability exists when Windows Admin Center improperly impersonates operations in certain situations, aka 'Windows Admin Center Elevation of Privilege Vulnerability'. Affected products include: Microsoft Windows Admin Center.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Windows Admin Center
View allRemote code execution in Microsoft Windows Admin Center allows an authenticated attacker to run arbitrary code over the
Authenticated remote code execution in Microsoft Windows Admin Center (CWE-77) lets an attacker with low-privilege acces
Privilege elevation in Microsoft Windows Admin Center allows an already-authenticated (low-privileged) network attacker
Local privilege-to-code-execution in Microsoft Windows Admin Center lets an already-authenticated, lower-privileged user
Local privilege escalation in Microsoft Windows Admin Center allows an already-authenticated, low-privileged attacker to
Windows Admin Center's authentication mechanism can be bypassed by authenticated network users to gain elevated privileg
Windows Admin Center in Azure Portal contains an access control flaw that enables local authenticated users to escalate
Improper authentication in Windows Admin Center allows an authorized attacker to disclose information over a network.
Windows Admin Center fails to properly validate cryptographic signatures, enabling high-privileged users to bypass secur
Windows Admin Center Spoofing Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitabl
External control of file name or path in Azure Portal Windows Admin Center allows an unauthorized attacker to disclose i
Windows Admin Center Security Feature Bypass Vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remo
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today