← back
CVE-2019-0972

Local Security Authority Subsystem Service Denial of Service Vulnerability

CVSS 6.5 MEDIUMEPSS 5.8%
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 6.5EPSS 5.8%KEV nãoPoC Nuclei Metasploit Patch referenciado
Lifecycle
12 Jun 2019Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
This security update corrects a denial of service in the Local Security Authority Subsystem Service (LSASS) caused when an authenticated attacker sends a specially crafted authentication request. A remote attacker who successfully exploited this vulnerability could cause a denial of service on the target system's LSASS service, which triggers an automatic reboot of the system. The security update addresses the vulnerability by changing the way that LSASS handles specially crafted authentication requests.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:R