LiveActive security incident?Get immediate response
CVE Record

CVE-1999-0639: The chargen service is running.

The chargen service is running.

UnknownCVSS not scoredNot KEV-listedUpdated
Glexia's TakeAutomated analysislow

Security readout for executives and security teams

Plain-English summary

This finding flags that the chargen (Character Generator) service is running on a host. Chargen is a legacy diagnostic service that continuously streams characters to anyone who connects. Attackers have historically abused it to amplify network floods and to consume bandwidth on exposed systems. It offers no business value on modern networks and should not be enabled on production infrastructure.

Executive priority

Low priority. Treat as configuration hygiene rather than an urgent vulnerability. Address during routine hardening cycles, but escalate if any internet-facing UDP/19 listeners are discovered because of reflection-attack risk.

Technical view

CVE-1999-0639 records the presence of the chargen service (RFC 864), typically on TCP/UDP port 19, as a security-relevant configuration. Chargen returns arbitrary character streams on request and, in its UDP form, can be leveraged as a reflection/amplification vector when combined with spoofed source addresses. The CVE bundle names no specific vendor, product, or version and lists no CVSS score, CWE mapping, or KEV entry.

Likely exposure

Exposure is limited to hosts still running inetd-style simple services (chargen, echo, discard, daytime) reachable over the network. Modern operating systems ship these disabled, so real-world exposure is confined to legacy Unix, embedded devices, misconfigured lab systems, or forgotten appliances. Internet-facing UDP/19 is the highest-risk scenario due to reflection potential.

Exploitation context

No active exploitation is cited in the source bundle and this CVE is not listed in CISA KEV. Chargen has historically been abused as a UDP reflection/amplification vector in denial-of-service campaigns, but no current targeted exploitation activity is documented in the provided sources.

Researcher notes

The CVE record is intentionally generic: no vendor, product, CVSS, CWE, or KEV data is provided. Treat this as a configuration-class finding rather than a software vulnerability. When triaging scanner output, distinguish TCP/19 (nuisance, info disclosure) from UDP/19 (reflection amplification concern). Correlate with adjacent simple services and confirm host role before recommending remediation SLAs.

Mitigation direction

  • Disable the chargen service on all hosts and remove it from inetd/xinetd configurations.
  • Block TCP and UDP port 19 at perimeter and internal firewalls.
  • Audit legacy Unix, embedded, and appliance systems for simple services still enabled.
  • Follow vendor guidance for any device where chargen cannot be disabled directly.

Validation and detection

  • Scan internal and external ranges for TCP/UDP port 19 to identify listeners.
  • Inspect /etc/inetd.conf or /etc/xinetd.d/ entries and systemd sockets for chargen.
  • Confirm firewall and ACL rules deny inbound and outbound port 19 traffic.
  • Verify no compensating simple services (echo, daytime, discard) remain enabled.
Prepared
Confidence
high
Sources
2

Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

ATT&CK lookup starting points

Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.

cve · low confidence lookup

CVE-1999-0639 mapping review

Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.

Open ATT&CK lookup
Vulnerability profileCVE Program record
Severity
Unknown
CVSS
Not scored
Known Exploited
No
Published
Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

0CVSS vectors
0Timeline events
0ADP providers
2Source links

CVSS and timeline data

No CVSS vectors or timeline events were available in the normalized CVE source material.

Source materials

Affected products

Products and packages named in the record

VendorProductVersion / packageStatus
n/an/an/aListed
Weakness

CWE details

No CWE listed

CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.