How severe is CVE-2019-1171?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.6 out of 10.

What type of vulnerability is CVE-2019-1171?

This is classified as CWE-200, which is a common weakness in software security.

CVE-2019-1171

MEDIUM Year: 2019

CVSS v3 Score

5.6

Medium

CVSS v2 Score

2.1

Low

Weakness Type

CWE-200

View all →

Vulnerability Description

An information disclosure vulnerability exists in SymCrypt during the OAEP decryption stage. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to execute code or to elevate user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system. The update addresses the vulnerability through a software change to the OAEP decoding operations.

CVE-2003-20001

MEDIUM

CVSS:5.6(Medium)

An issue was discovered on Mitel ICP VoIP 3100 devices. When a remote user attempts to log in via TELNET during the login wait time and an external call comes in, the system incorrectly divulges infor...

CWE-2002003

CVE-2017-5754

MEDIUM

CVSS:5.6(Medium)

Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel an...

CWE-2002017

CVE-2018-10472

MEDIUM

CVSS:5.6(Medium)

An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users (in certain configurations) to read arbitrary dom0 files via QMP live insertion of a CDROM, in conjunction with specifying...

CWE-2002018

CVE-2018-12126

MEDIUM

CVSS:5.6(Medium)

Microarchitectural Store Buffer Data Sampling (MSBDS): Store buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosur...

CWE-2002018

CVE-2018-12127

MEDIUM

CVSS:5.6(Medium)

Microarchitectural Load Port Data Sampling (MLPDS): Load ports on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via ...

CWE-2002018

CVE-2018-12130

MEDIUM

CVSS:5.6(Medium)

Microarchitectural Fill Buffer Data Sampling (MFBDS): Fill buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure ...

CWE-2002018

CVE-2019-1171

Vulnerability Description

Related Vulnerabilities

CVE-2003-20001

CVE-2017-5754

CVE-2018-10472

CVE-2018-12126

CVE-2018-12127

CVE-2018-12130