What is CVE-2019-1405?

A high-severity elevation of privilege vulnerability exists in Microsoft Windows Universal Plug and Play (UPnP) service. Organizations must address this vulnerability through immediate patching to prevent potential exploitation.

What is the severity of CVE-2019-1405?

CVE-2019-1405 has a severity rating of HIGH with a CVSS base score of 7.8.

Is CVE-2019-1405 in CISA KEV?

Yes. CVE-2019-1405 is listed in the CISA Known Exploited Vulnerabilities (KEV) catalog. Organizations should prioritize remediation.

CVE-2019-1405 | High Vulnerability in Microsoft Windows UPnP Service

An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly allows COM object creation, classified as 'Windows UPnP Service Elevation of Privilege Vulnerability'. This vulnerability is rated high with a CVSS score of 7.8, indicating a significant risk to affected systems.

Risk to organizations includes potential unauthorized access to sensitive data and system resources, as the vulnerability allows attackers to exploit the UPnP service to gain elevated privileges on the system. The urgency for defenders is critical, as effective exploitation can lead to significant breaches.

Currently, there is known exploitation of this vulnerability, with active use in various threat landscapes. Organizations should prioritize patching immediately to mitigate risks associated with this vulnerability.

With the vulnerability being added to the Known Exploited Vulnerabilities (KEV) catalog on March 15, 2022, it is crucial for organizations to remain vigilant and ensure that necessary updates are applied.

Vulnerability Details

The vulnerability allows elevation of privilege and affects multiple versions of the Microsoft Windows operating system, including Windows 7, Windows 10 (various versions), and several Windows Server editions. The vulnerability was published on November 12, 2019. Its CWE classification is CWE-269, indicating improper privilege management.

Technical Analysis

The root cause of the vulnerability lies in the Windows UPnP service's improper handling of COM object creation. The attack vector is local, meaning that an attacker must have access to the local network to exploit this vulnerability. The attack complexity is low, with minimal privileges required, and no user interaction is needed for exploitation.

The impact on confidentiality, integrity, and availability is rated high, with potential for significant damage to systems and data. This indicates that successful exploitation could lead to complete control of the affected system.

Risk & Impact Analysis

Real-world deployment risk is substantial, as organizations utilizing affected versions of Windows could face significant operational disruptions if exploited. The blast radius potential is high, allowing attackers to access critical systems and sensitive data, potentially leading to data breaches or system takeovers.

Considering the CVSS score, organizations should treat this vulnerability with urgency and prioritize remediation efforts in their security patch cycle. The existence of known exploitations emphasizes the need for immediate action.

Exploitation Status

Signal	Status
Known Exploit	Yes
Public PoC	Yes
Actively Exploited	Yes
Ransomware Use	Yes

Affected Versions

The following versions of Microsoft Windows are affected by this vulnerability: Windows 7 SP1, Windows 10 (versions 1507, 1607, 1709, 1803, 1809, 1903), Windows 8.1, Windows RT 8.1, Windows Server 2008 SP2, Windows Server 2012, Windows Server 2016, and Windows Server 2019.

Mitigation & Remediation

Organizations should apply patches as provided by Microsoft to remediate this vulnerability. Details for the specific updates can be found in the Microsoft Security Update Guide. Additionally, implementing configuration hardening for the UPnP service and network monitoring can further mitigate risks.

For organizations seeking to validate the effectiveness of their remediation efforts, continuous penetration testing can help identify any remaining vulnerabilities.

Detection Guidance

Security teams should monitor logs for indicators of exploitation attempts, including unusual UPnP service requests and abnormal COM object creation activity. Behavioral anomalies in system behavior following UPnP interactions should also be investigated.

AppSecure Threat Intelligence Insight

The long-term significance of this vulnerability lies in its ability to allow unauthorized users elevated access within a network. Organizations must understand the patterns of privilege escalation vulnerabilities and implement robust security measures to prevent similar risks.

Security teams should adopt lessons learned from such vulnerabilities to enhance their response strategies. Regular security assessments and a proactive approach to vulnerability management are essential to maintaining a secure environment.

Continuous penetration testing can provide organizations with insights into their security posture and help identify areas of improvement.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2019-1405: High Vulnerability in Microsoft Windows UPnP Service