Vulnerability Details CVE-2019-0708
A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Remote Desktop Services Remote Code Execution Vulnerability'.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.944
EPSS Ranking 100.0%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 10.0
Proposed Action
Microsoft Remote Desktop Services, formerly known as Terminal Service, contains an unspecified vulnerability that allows an unauthenticated attacker to connect to the target system using RDP and send specially crafted requests. Successful exploitation allows for remote code execution. The vulnerability is also known under the moniker of BlueKeep.
Ransomware Campaign
Unknown
References
- http://packetstormsecurity.com/files/153133/Microsoft-Windows-Remote-Desktop-BlueKeep-Denial-Of-Service.html
- http://packetstormsecurity.com/files/153627/Microsoft-Windows-RDP-BlueKeep-Denial-Of-Service.html
- http://packetstormsecurity.com/files/154579/BlueKeep-RDP-Remote-Windows-Kernel-Use-After-Free.html
- http://packetstormsecurity.com/files/155389/Microsoft-Windows-7-x86-BlueKeep-RDP-Use-After-Free.html
- http://packetstormsecurity.com/files/162960/Microsoft-RDP-Remote-Code-Execution.html
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190529-01-windows-en
- http://www.huawei.com/en/psirt/security-notices/huawei-sn-20190515-01-windows-en
- https://cert-portal.siemens.com/productcert/pdf/ssa-166360.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-406175.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-433987.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-616199.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-832947.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-932041.pdf
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708
- http://packetstormsecurity.com/files/153133/Microsoft-Windows-Remote-Desktop-BlueKeep-Denial-Of-Service.html
- http://packetstormsecurity.com/files/153627/Microsoft-Windows-RDP-BlueKeep-Denial-Of-Service.html
- http://packetstormsecurity.com/files/154579/BlueKeep-RDP-Remote-Windows-Kernel-Use-After-Free.html
- http://packetstormsecurity.com/files/155389/Microsoft-Windows-7-x86-BlueKeep-RDP-Use-After-Free.html
- http://packetstormsecurity.com/files/162960/Microsoft-RDP-Remote-Code-Execution.html
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190529-01-windows-en
- http://www.huawei.com/en/psirt/security-notices/huawei-sn-20190515-01-windows-en
- https://cert-portal.siemens.com/productcert/pdf/ssa-166360.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-406175.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-433987.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-616199.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-832947.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-932041.pdf
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708
Products affected by CVE-2019-0708
-
cpe:2.3:a:siemens:syngo_lab_process_manager:-
-
cpe:2.3:h:huawei:agile_controller-campus:-
-
cpe:2.3:h:huawei:bh620_v2:-
-
cpe:2.3:h:huawei:bh621_v2:-
-
cpe:2.3:h:huawei:bh622_v2:-
-
cpe:2.3:h:huawei:bh640_v2:-
-
cpe:2.3:h:huawei:ch121:-
-
cpe:2.3:h:huawei:ch140:-
-
cpe:2.3:h:huawei:ch220:-
-
cpe:2.3:h:huawei:ch221:-
-
cpe:2.3:h:huawei:ch222:-
-
cpe:2.3:h:huawei:ch240:-
-
cpe:2.3:h:huawei:ch242:-
-
cpe:2.3:h:huawei:ch242_v3:-
-
cpe:2.3:h:huawei:e6000:-
-
cpe:2.3:h:huawei:e6000_chassis:-
-
cpe:2.3:h:huawei:elog:-
-
cpe:2.3:h:huawei:espace_ecs:-
-
cpe:2.3:h:huawei:gtsoftx3000:-
-
cpe:2.3:h:huawei:oceanstor_18500:-
-
cpe:2.3:h:huawei:oceanstor_18800:-
-
cpe:2.3:h:huawei:oceanstor_18800f:-
-
cpe:2.3:h:huawei:oceanstor_hvs85t:-
-
cpe:2.3:h:huawei:oceanstor_hvs88t:-
-
cpe:2.3:h:huawei:rh1288_v2:-
-
cpe:2.3:h:huawei:rh1288a_v2:-
-
cpe:2.3:h:huawei:rh2265_v2:-
-
cpe:2.3:h:huawei:rh2268_v2:-
-
cpe:2.3:h:huawei:rh2285_v2:-
-
cpe:2.3:h:huawei:rh2285h_v2:-
-
cpe:2.3:h:huawei:rh2288_v2:-
-
cpe:2.3:h:huawei:rh2288a_v2:-
-
cpe:2.3:h:huawei:rh2288e_v2:-
-
cpe:2.3:h:huawei:rh2288h_v2:-
-
cpe:2.3:h:huawei:rh2485_v2:-
-
cpe:2.3:h:huawei:rh5885_v2:-
-
cpe:2.3:h:huawei:rh5885_v3:-
-
cpe:2.3:h:huawei:seco_vsm:-
-
cpe:2.3:h:huawei:smc2.0:-
-
cpe:2.3:h:huawei:uma:-
-
cpe:2.3:h:huawei:x6000:-
-
cpe:2.3:h:huawei:x8000:-
-
cpe:2.3:h:siemens:aptio:-
-
cpe:2.3:h:siemens:atellica_solution:-
-
cpe:2.3:h:siemens:axiom_multix_m:-
-
cpe:2.3:h:siemens:axiom_vertix_md_trauma:-
-
cpe:2.3:h:siemens:axiom_vertix_solitaire_m:-
-
cpe:2.3:h:siemens:centralink:-
-
cpe:2.3:h:siemens:lantis:-
-
cpe:2.3:h:siemens:mobilett_xp_digital:-
-
cpe:2.3:h:siemens:multix_pro:-
-
cpe:2.3:h:siemens:multix_pro_acss:-
-
cpe:2.3:h:siemens:multix_pro_acss_p:-
-
cpe:2.3:h:siemens:multix_pro_navy:-
-
cpe:2.3:h:siemens:multix_pro_p:-
-
cpe:2.3:h:siemens:multix_swing:-
-
cpe:2.3:h:siemens:multix_top:-
-
cpe:2.3:h:siemens:multix_top_acss:-
-
cpe:2.3:h:siemens:multix_top_acss_p:-
-
cpe:2.3:h:siemens:multix_top_p:-
-
cpe:2.3:h:siemens:rapidpoint_500:-
-
cpe:2.3:h:siemens:streamlab:-
-
cpe:2.3:h:siemens:vertix_solitaire:-
-
cpe:2.3:h:siemens:viva_e:-
-
cpe:2.3:h:siemens:viva_twin:-
-
cpe:2.3:o:huawei:agile_controller-campus_firmware:v100r002c00
-
cpe:2.3:o:huawei:agile_controller-campus_firmware:v100r002c10
-
cpe:2.3:o:huawei:bh620_v2_firmware:v100r002c00
-
cpe:2.3:o:huawei:bh621_v2_firmware:v100r002c00
-
cpe:2.3:o:huawei:bh622_v2_firmware:v100r001c00
-
cpe:2.3:o:huawei:bh640_v2_firmware:v100r002c00
-
cpe:2.3:o:huawei:ch121_firmware:v100r001c00
-
cpe:2.3:o:huawei:ch140_firmware:v100r001c00
-
cpe:2.3:o:huawei:ch220_firmware:v100r001c00
-
cpe:2.3:o:huawei:ch221_firmware:v100r001c00
-
cpe:2.3:o:huawei:ch222_firmware:v100r002c00
-
cpe:2.3:o:huawei:ch240_firmware:v100r001c00
-
cpe:2.3:o:huawei:ch242_firmware:v100r001c00
-
cpe:2.3:o:huawei:ch242_v3_firmware:v100r001c00
-
cpe:2.3:o:huawei:e6000_chassis_firmware:v100r001c00
-
cpe:2.3:o:huawei:e6000_firmware:v100r002c00
-
cpe:2.3:o:huawei:elog_firmware:v200r003c10
-
cpe:2.3:o:huawei:espace_ecs_firmware:v300r001c00
-
cpe:2.3:o:huawei:gtsoftx3000_firmware:v200r001c01spc100
-
cpe:2.3:o:huawei:gtsoftx3000_firmware:v200r002c00spc300
-
cpe:2.3:o:huawei:gtsoftx3000_firmware:v200r002c10spc100
-
cpe:2.3:o:huawei:oceanstor_18500_firmware:v100r001c30spc300
-
cpe:2.3:o:huawei:oceanstor_18800_firmware:v100r001c30spc300
-
cpe:2.3:o:huawei:oceanstor_18800f_firmware:v100r001c30spc300
-
cpe:2.3:o:huawei:oceanstor_hvs85t_firmware:v100r001c00
-
cpe:2.3:o:huawei:oceanstor_hvs85t_firmware:v100r001c30spc200
-
cpe:2.3:o:huawei:oceanstor_hvs88t_firmware:v100r001c00
-
cpe:2.3:o:huawei:oceanstor_hvs88t_firmware:v100r001c30spc200
-
cpe:2.3:o:huawei:rh1288_v2_firmware:v100r002c00
-
cpe:2.3:o:huawei:rh1288a_v2_firmware:v100r002c00
-
cpe:2.3:o:huawei:rh2265_v2_firmware:v100r002c00
-
cpe:2.3:o:huawei:rh2268_v2_firmware:v100r002c00
-
cpe:2.3:o:huawei:rh2285_v2_firmware:v100r002c00
-
cpe:2.3:o:huawei:rh2285h_v2_firmware:v100r002c00
-
cpe:2.3:o:huawei:rh2288_v2_firmware:v100r002c00
-
cpe:2.3:o:huawei:rh2288a_v2_firmware:v100r002c00
-
cpe:2.3:o:huawei:rh2288e_v2_firmware:v100r002c00
-
cpe:2.3:o:huawei:rh2288h_v2_firmware:v100r002c00
-
cpe:2.3:o:huawei:rh2485_v2_firmware:v100r002c00
-
cpe:2.3:o:huawei:rh5885_v2_firmware:v100r001c00
-
cpe:2.3:o:huawei:rh5885_v3_firmware:v100r003c00
-
cpe:2.3:o:huawei:seco_vsm_firmware:v200r002c00
-
cpe:2.3:o:huawei:smc2.0_firmware:v500r002c00
-
cpe:2.3:o:huawei:smc2.0_firmware:v600r006c00
-
cpe:2.3:o:huawei:uma_firmware:v200r001c00
-
cpe:2.3:o:huawei:uma_firmware:v300r001c00
-
cpe:2.3:o:huawei:x6000_firmware:v100r002c00
-
cpe:2.3:o:huawei:x8000_firmware:v100r002c20
-
cpe:2.3:o:microsoft:windows_7:-
-
cpe:2.3:o:microsoft:windows_server_2008:-
-
cpe:2.3:o:microsoft:windows_server_2008:r2
-
cpe:2.3:o:siemens:aptio_firmware:-
-
cpe:2.3:o:siemens:atellica_solution_firmware:-
-
cpe:2.3:o:siemens:axiom_multix_m_firmware:-
-
cpe:2.3:o:siemens:axiom_vertix_md_trauma_firmware:-
-
cpe:2.3:o:siemens:axiom_vertix_solitaire_m_firmware:-
-
cpe:2.3:o:siemens:centralink_firmware:-
-
cpe:2.3:o:siemens:lantis_firmware:-
-
cpe:2.3:o:siemens:mobilett_xp_digital_firmware:-
-
cpe:2.3:o:siemens:multix_pro_acss_firmware:-
-
cpe:2.3:o:siemens:multix_pro_acss_p_firmware:-
-
cpe:2.3:o:siemens:multix_pro_firmware:-
-
cpe:2.3:o:siemens:multix_pro_navy_firmware:-
-
cpe:2.3:o:siemens:multix_pro_p_firmware:-
-
cpe:2.3:o:siemens:multix_swing_firmware:-
-
cpe:2.3:o:siemens:multix_top_acss_firmware:-
-
cpe:2.3:o:siemens:multix_top_acss_p_firmware:-
-
cpe:2.3:o:siemens:multix_top_firmware:-
-
cpe:2.3:o:siemens:multix_top_p_firmware:-
-
cpe:2.3:o:siemens:rapidpoint_500_firmware:-
-
cpe:2.3:o:siemens:rapidpoint_500_firmware:2.3
-
cpe:2.3:o:siemens:rapidpoint_500_firmware:2.3.2
-
cpe:2.3:o:siemens:streamlab_firmware:-
-
cpe:2.3:o:siemens:vertix_solitaire_firmware:-
-
cpe:2.3:o:siemens:viva_e_firmware:-
-
cpe:2.3:o:siemens:viva_twin_firmware:-