PT-2019-3921 · Microsoft · Windows Universal Plug/Play (Upnp) Service+1

Edward Torkington

Publicado

2019-11-12

Atualizado

2025-09-15

CVE-2019-1405

CVSS v3.1

7.8

Alta

Vetor

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Microsoft Windows Universal Plug and Play (UPnP) Service (affected versions not specified)

Description An elevation of privilege issue exists due to the improper allowance of COM object creation by the Windows Universal Plug and Play (UPnP) service. This could allow an attacker to elevate their privileges or execute arbitrary code. The vulnerability is related to unsafe privilege management in the Windows UPnP service.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

LPE

Improper Privilege Management

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-269

Identificadores relacionados

BDU:2019-04373

CVE-2019-1405

Produtos afetados

Windows

Windows Universal Plug/Play (Upnp) Service

PT-2019-3921 · Microsoft · Windows Universal Plug/Play (Upnp) Service+1

CVE-2019-1405

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 32