Vulnerability detail
Enriched intelligence for a single CVE
High
CVE-2019-1388
PUBLISHEDAn elevation of privilege vulnerability exists in the Windows Certificate Dialog when it does not properly enforce user privileges, aka 'Windows...
- Vendor
- Microsoft
- Product
- Windows, Windows Server, Windows 10 Version 1903 for 32-bit Systems, Windows 10 Version 1903 for x64-based Systems, Windows 10 Version 1903 for ARM64-based Systems, Windows Server, version 1903 (Server Core installation)
- Published
- Nov 12, 2019
- EPSS
- —
Description
An elevation of privilege vulnerability exists in the Windows Certificate Dialog when it does not properly enforce user privileges, aka 'Windows Certificate Dialog Elevation of Privilege Vulnerability'.
CVSS scores
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AV:L/AC:L/Au:N/C:C/I:C/A:C
SSVC decision points
- Exploitation
- active
- Automatable
- No
- Technical impact
- total
Known exploited vulnerability sources
Catalogues that list this CVE as a known exploited vulnerability.
| Source | Added |
|---|---|
| CISA | Apr 07, 2023 |
Scanner integrations
| Scanner | Reference | Detected |
|---|---|---|
| Nessus | https://www.tenable.com/plugins/nessus/130910 | Jun 02, 2025 |
Potential proof of concepts
These PoCs are unverified and could contain malware. Use at your own risk.
github · Created 2021-06-07 22:29:08 UTC · 5 stars
github · Created 2021-05-05 08:22:34 UTC · 20 stars
CVE-2019-1388 Abuse UAC Windows Certificate Dialog
github · Created 2019-11-21 08:38:38 UTC · 0 stars
github · Created 2019-11-21 06:26:27 UTC · 186 stars
CVE-2019-1388 UAC提权 (nt authority\system)
Timeline
-
CVE ID Reserved
-
CVE Published to Public
-
Exploit Used in Malware
-
Added to KEVIntel
-
Detected by Nessus