Vulnerability Details : CVE-2019-0708
Public exploit exists!
A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Remote Desktop Services Remote Code Execution Vulnerability'.
Vulnerability category: Execute code
Products affected by CVE-2019-0708
- cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*
- cpe:2.3:o:siemens:rapidpoint_500_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:axiom_multix_m_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:axiom_vertix_md_trauma_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:axiom_vertix_solitaire_m_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:mobilett_xp_digital_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:multix_pro_acss_p_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:multix_pro_p_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:multix_pro_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:multix_pro_acss_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:multix_pro_navy_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:multix_swing_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:multix_top_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:multix_top_acss_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:multix_top_p_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:multix_top_acss_p_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:vertix_solitaire_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:atellica_solution_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:aptio_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:streamlab_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:centralink_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:viva_e_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:viva_twin_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:syngo_lab_process_manager:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:lantis_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:rh2288a_v2_firmware:v100r002c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:rh1288a_v2_firmware:v100r002c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:smc2.0_firmware:v500r002c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:smc2.0_firmware:v600r006c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:uma_firmware:v200r001c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:uma_firmware:v300r001c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:ch242_v3_firmware:v100r001c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:e6000_firmware:v100r002c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:oceanstor_18500_firmware:v100r001c30spc300:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:oceanstor_18800_firmware:v100r001c30spc300:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:oceanstor_18800f_firmware:v100r001c30spc300:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:oceanstor_hvs85t_firmware:v100r001c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:oceanstor_hvs85t_firmware:v100r001c30spc200:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:agile_controller-campus_firmware:v100r002c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:agile_controller-campus_firmware:v100r002c10:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:bh620_v2_firmware:v100r002c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:bh621_v2_firmware:v100r002c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:bh622_v2_firmware:v100r001c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:bh640_v2_firmware:v100r002c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:ch121_firmware:v100r001c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:ch140_firmware:v100r001c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:ch220_firmware:v100r001c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:ch221_firmware:v100r001c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:ch222_firmware:v100r002c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:ch240_firmware:v100r001c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:ch242_firmware:v100r001c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:e6000_chassis_firmware:v100r001c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:gtsoftx3000_firmware:v200r001c01spc100:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:gtsoftx3000_firmware:v200r002c00spc300:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:gtsoftx3000_firmware:v200r002c10spc100:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:oceanstor_hvs88t_firmware:v100r001c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:oceanstor_hvs88t_firmware:v100r001c30spc200:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:rh1288_v2_firmware:v100r002c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:rh2265_v2_firmware:v100r002c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:rh2268_v2_firmware:v100r002c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:rh2285_v2_firmware:v100r002c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:rh2285h_v2_firmware:v100r002c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:rh2288_v2_firmware:v100r002c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:rh2288e_v2_firmware:v100r002c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:rh2288h_v2_firmware:v100r002c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:rh2485_v2_firmware:v100r002c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:rh5885_v2_firmware:v100r001c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:rh5885_v3_firmware:v100r003c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:seco_vsm_firmware:v200r002c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:x6000_firmware:v100r002c00:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:x8000_firmware:v100r002c20:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:elog_firmware:v200r003c10:*:*:*:*:*:*:*
- cpe:2.3:o:huawei:espace_ecs_firmware:v300r001c00:*:*:*:*:*:*:*
CVE-2019-0708 is in the CISA Known Exploited Vulnerabilities Catalog
CISA vulnerability name:
Microsoft Remote Desktop Services Remote Code Execution Vulnerability
CISA required action:
Apply updates per vendor instructions.
CISA description:
Microsoft Remote Desktop Services, formerly known as Terminal Service, contains an unspecified vulnerability that allows an unauthenticated attacker to connect to the target system using RDP and send specially crafted requests. Successful exploitation allows for remote code execution. The vulnerabil
Notes:
https://nvd.nist.gov/vuln/detail/CVE-2019-0708
Added on
2021-11-03
Action due date
2022-05-03
Exploit prediction scoring system (EPSS) score for CVE-2019-0708
97.52%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 100 %
Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2019-0708
-
CVE-2019-0708 BlueKeep Microsoft Remote Desktop RCE Check
Disclosure Date: 2019-05-14First seen: 2020-04-26auxiliary/scanner/rdp/cve_2019_0708_bluekeepThis module checks a range of hosts for the CVE-2019-0708 vulnerability by binding the MS_T120 channel outside of its normal slot and sending non-DoS packets which respond differently on patched and vulnerable hosts. It can optionally trigger the DoS vulnerab -
CVE-2019-0708 BlueKeep RDP Remote Windows Kernel Use After Free
Disclosure Date: 2019-05-14First seen: 2020-04-26exploit/windows/rdp/cve_2019_0708_bluekeep_rceThe RDP termdd.sys driver improperly handles binds to internal-only channel MS_T120, allowing a malformed Disconnect Provider Indication message to cause use-after-free. With a controllable data/size remote nonpaged pool spray, an indirect call gadget of the freed ch
CVSS scores for CVE-2019-0708
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST | |
9.8
|
CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST | |
9.8
|
CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
134c704f-9b21-4f2e-91b3-4a467353bcc0 | 2025-02-07 |
9.8
|
CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST | 2024-07-25 |
CWE ids for CVE-2019-0708
-
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.Assigned by:
- 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)
- nvd@nist.gov (Primary)
References for CVE-2019-0708
-
http://packetstormsecurity.com/files/162960/Microsoft-RDP-Remote-Code-Execution.html
Microsoft RDP Remote Code Execution ≈ Packet StormExploit;Third Party Advisory;VDB Entry
-
https://cert-portal.siemens.com/productcert/pdf/ssa-166360.pdf
Third Party Advisory
-
http://packetstormsecurity.com/files/153133/Microsoft-Windows-Remote-Desktop-BlueKeep-Denial-Of-Service.html
Microsoft Windows Remote Desktop BlueKeep Denial Of Service ≈ Packet StormExploit;Third Party Advisory;VDB Entry
-
http://packetstormsecurity.com/files/154579/BlueKeep-RDP-Remote-Windows-Kernel-Use-After-Free.html
BlueKeep RDP Remote Windows Kernel Use-After-Free ≈ Packet StormExploit;Third Party Advisory;VDB Entry
-
https://cert-portal.siemens.com/productcert/pdf/ssa-433987.pdf
Third Party Advisory
-
http://packetstormsecurity.com/files/153627/Microsoft-Windows-RDP-BlueKeep-Denial-Of-Service.html
Microsoft Windows RDP BlueKeep Denial Of Service ≈ Packet StormExploit;Third Party Advisory;VDB Entry
-
https://cert-portal.siemens.com/productcert/pdf/ssa-932041.pdf
Third Party Advisory
-
http://packetstormsecurity.com/files/155389/Microsoft-Windows-7-x86-BlueKeep-RDP-Use-After-Free.html
Microsoft Windows 7 (x86) BlueKeep RDP Use-After-Free ≈ Packet StormThird Party Advisory;VDB Entry
-
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190529-01-windows-en
Security Advisory - Remote Code Execution Vulnerability in Some Microsoft Windows SystemsThird Party Advisory
-
https://cert-portal.siemens.com/productcert/pdf/ssa-832947.pdf
Third Party Advisory
-
http://www.huawei.com/en/psirt/security-notices/huawei-sn-20190515-01-windows-en
Security Notice - Statement on Microsoft Remote Code Execution Vulnerability(CVE-2019-0708)Third Party Advisory
-
https://cert-portal.siemens.com/productcert/pdf/ssa-616199.pdf
Third Party Advisory
-
https://cert-portal.siemens.com/productcert/pdf/ssa-406175.pdf
Third Party Advisory
-
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708
CVE-2019-0708 | Remote Desktop Services Remote Code Execution VulnerabilityPatch;Vendor Advisory
Jump to