Known Exploited Vulnerability
9.8
CRITICAL
CVE-2019-0708
Microsoft Remote Desktop Services Remote Code Exec - [Actively Exploited]
Description

A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Remote Desktop Services Remote Code Execution Vulnerability'.

INFO

Published Date :

May 16, 2019, 7:29 p.m.

Last Modified :

Nov. 21, 2024, 4:17 a.m.

Remotely Exploitable :

Yes !

Impact Score :

5.9

Exploitability Score :

3.9
CISA Notification
CISA KEV (Known Exploited Vulnerabilities)

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild.

Description :

Microsoft Remote Desktop Services, formerly known as Terminal Service, contains an unspecified vulnerability that allows an unauthenticated attacker to connect to the target system using RDP and send specially crafted requests. Successful exploitation allows for remote code execution. The vulnerability is also known under the moniker of BlueKeep.

Required Action :

Apply updates per vendor instructions.

Notes :

https://nvd.nist.gov/vuln/detail/CVE-2019-0708

Public PoC/Exploit Available at Github

CVE-2019-0708 has a 378 public PoC/Exploit available at Github. Go to the Public Exploits tab to see the list.

Affected Products

The following products are affected by CVE-2019-0708 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Huawei smc2.0_firmware
2 Huawei rh2288a_v2_firmware
3 Huawei rh1288a_v2_firmware
4 Huawei ch242_v3_firmware
5 Huawei e6000_firmware
6 Huawei oceanstor_18500_firmware
7 Huawei oceanstor_18800_firmware
8 Huawei oceanstor_18800f_firmware
9 Huawei oceanstor_hvs85t_firmware
10 Huawei uma_firmware
11 Huawei agile_controller-campus_firmware
12 Huawei agile_controller-campus
13 Huawei bh620_v2_firmware
14 Huawei bh620_v2
15 Huawei bh621_v2_firmware
16 Huawei bh621_v2
17 Huawei bh622_v2_firmware
18 Huawei bh622_v2
19 Huawei bh640_v2_firmware
20 Huawei bh640_v2
21 Huawei ch121_firmware
22 Huawei ch121
23 Huawei ch140_firmware
24 Huawei ch140
25 Huawei ch220_firmware
26 Huawei ch220
27 Huawei ch221_firmware
28 Huawei ch221
29 Huawei ch222_firmware
30 Huawei ch222
31 Huawei ch240_firmware
32 Huawei ch240
33 Huawei ch242_firmware
34 Huawei ch242
35 Huawei ch242_v3
36 Huawei e6000
37 Huawei e6000_chassis_firmware
38 Huawei e6000_chassis
39 Huawei gtsoftx3000_firmware
40 Huawei gtsoftx3000
41 Huawei oceanstor_18500
42 Huawei oceanstor_18800
43 Huawei oceanstor_18800f
44 Huawei oceanstor_hvs85t
45 Huawei oceanstor_hvs88t_firmware
46 Huawei oceanstor_hvs88t
47 Huawei rh1288_v2_firmware
48 Huawei rh1288_v2
49 Huawei rh1288a_v2
50 Huawei rh2265_v2_firmware
51 Huawei rh2265_v2
52 Huawei rh2268_v2_firmware
53 Huawei rh2268_v2
54 Huawei rh2285_v2_firmware
55 Huawei rh2285_v2
56 Huawei rh2285h_v2_firmware
57 Huawei rh2285h_v2
58 Huawei rh2288_v2_firmware
59 Huawei rh2288_v2
60 Huawei rh2288a_v2
61 Huawei rh2288e_v2_firmware
62 Huawei rh2288e_v2
63 Huawei rh2288h_v2_firmware
64 Huawei rh2288h_v2
65 Huawei rh2485_v2_firmware
66 Huawei rh2485_v2
67 Huawei rh5885_v2_firmware
68 Huawei rh5885_v2
69 Huawei rh5885_v3_firmware
70 Huawei rh5885_v3
71 Huawei smc2.0
72 Huawei seco_vsm_firmware
73 Huawei seco_vsm
74 Huawei uma
75 Huawei x6000_firmware
76 Huawei x6000
77 Huawei x8000_firmware
78 Huawei x8000
79 Huawei elog_firmware
80 Huawei elog
81 Huawei espace_ecs_firmware
82 Huawei espace_ecs
1 Siemens rapidpoint_500_firmware
2 Siemens axiom_multix_m_firmware
3 Siemens axiom_multix_m
4 Siemens axiom_vertix_md_trauma_firmware
5 Siemens axiom_vertix_md_trauma
6 Siemens axiom_vertix_solitaire_m_firmware
7 Siemens axiom_vertix_solitaire_m
8 Siemens mobilett_xp_digital_firmware
9 Siemens mobilett_xp_digital
10 Siemens multix_pro_acss_p_firmware
11 Siemens multix_pro_acss_p
12 Siemens multix_pro_p_firmware
13 Siemens multix_pro_p
14 Siemens multix_pro_firmware
15 Siemens multix_pro
16 Siemens multix_pro_acss_firmware
17 Siemens multix_pro_acss
18 Siemens multix_pro_navy_firmware
19 Siemens multix_pro_navy
20 Siemens multix_swing_firmware
21 Siemens multix_swing
22 Siemens multix_top_firmware
23 Siemens multix_top
24 Siemens multix_top_acss_firmware
25 Siemens multix_top_acss
26 Siemens multix_top_p_firmware
27 Siemens multix_top_p
28 Siemens multix_top_acss_p_firmware
29 Siemens multix_top_acss_p
30 Siemens vertix_solitaire_firmware
31 Siemens vertix_solitaire
32 Siemens atellica_solution_firmware
33 Siemens atellica_solution
34 Siemens aptio_firmware
35 Siemens aptio
36 Siemens streamlab_firmware
37 Siemens streamlab
38 Siemens centralink_firmware
39 Siemens centralink
40 Siemens viva_e_firmware
41 Siemens viva_e
42 Siemens viva_twin_firmware
43 Siemens viva_twin
44 Siemens syngo_lab_process_manager
45 Siemens rapidpoint_500
46 Siemens lantis_firmware
47 Siemens lantis
1 Microsoft windows_7
2 Microsoft windows_server_2008
3 Microsoft windows_server_2003
4 Microsoft windows_vista
5 Microsoft windows_xp
6 Microsoft windows_server
7 Microsoft windows
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2019-0708.

URL Resource
http://packetstormsecurity.com/files/153133/Microsoft-Windows-Remote-Desktop-BlueKeep-Denial-Of-Service.html Exploit Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/153627/Microsoft-Windows-RDP-BlueKeep-Denial-Of-Service.html Exploit Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/154579/BlueKeep-RDP-Remote-Windows-Kernel-Use-After-Free.html Exploit Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/155389/Microsoft-Windows-7-x86-BlueKeep-RDP-Use-After-Free.html Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/162960/Microsoft-RDP-Remote-Code-Execution.html Exploit Third Party Advisory VDB Entry
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190529-01-windows-en Third Party Advisory
http://www.huawei.com/en/psirt/security-notices/huawei-sn-20190515-01-windows-en Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-166360.pdf Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-406175.pdf Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-433987.pdf Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-616199.pdf Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-832947.pdf Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-932041.pdf Third Party Advisory
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708 Patch Vendor Advisory
http://packetstormsecurity.com/files/153133/Microsoft-Windows-Remote-Desktop-BlueKeep-Denial-Of-Service.html Exploit Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/153627/Microsoft-Windows-RDP-BlueKeep-Denial-Of-Service.html Exploit Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/154579/BlueKeep-RDP-Remote-Windows-Kernel-Use-After-Free.html Exploit Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/155389/Microsoft-Windows-7-x86-BlueKeep-RDP-Use-After-Free.html Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/162960/Microsoft-RDP-Remote-Code-Execution.html Exploit Third Party Advisory VDB Entry
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190529-01-windows-en Third Party Advisory
http://www.huawei.com/en/psirt/security-notices/huawei-sn-20190515-01-windows-en Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-166360.pdf Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-406175.pdf Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-433987.pdf Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-616199.pdf Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-832947.pdf Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-932041.pdf Third Party Advisory
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708 Patch Vendor Advisory

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

None

Python

Updated: 1 week, 1 day ago
0 stars 0 fork 0 watcher
Born at : Dec. 13, 2024, 2:22 p.m. This repo has been linked 2 different CVEs too.

None

Shell

Updated: 2 weeks, 3 days ago
0 stars 0 fork 0 watcher
Born at : Dec. 3, 2024, 3:50 p.m. This repo has been linked 1 different CVEs too.

3389RDPCVE-2019-0708漏洞复现资源文件介绍分享 免费下载

Updated: 3 weeks ago
0 stars 0 fork 0 watcher
Born at : Nov. 30, 2024, 12:27 p.m. This repo has been linked 1 different CVEs too.

None

Updated: 3 weeks, 5 days ago
0 stars 0 fork 0 watcher
Born at : Nov. 25, 2024, 11:20 a.m. This repo has been linked 20 different CVEs too.

None

Updated: 3 weeks, 6 days ago
0 stars 0 fork 0 watcher
Born at : Nov. 24, 2024, 2:32 p.m. This repo has been linked 1 different CVEs too.

None

Python Batchfile PowerShell VBScript

Updated: 1 month ago
0 stars 0 fork 0 watcher
Born at : Nov. 19, 2024, 4:50 p.m. This repo has been linked 6 different CVEs too.

A curated collection of Proof of Concept (PoC) tools, scripts, and techniques designed for red team operations, penetration testing, and cybersecurity research. This repository focuses on providing practical resources for exploring vulnerabilities

attack cybersecurity exp hw penetration-testing poc red-team security-tools vulnerability-poc

Updated: 2 weeks, 4 days ago
1 stars 2 fork 2 watcher
Born at : Nov. 17, 2024, 11:53 a.m. This repo has been linked 414 different CVEs too.

None

Python Assembly

Updated: 1 month, 2 weeks ago
0 stars 0 fork 0 watcher
Born at : Nov. 5, 2024, 5:47 p.m. This repo has been linked 1 different CVEs too.

DevTools is a network and security testing tool. Key features: subdomain discovery, port scanning, and vulnerability testing. New features: Reverse DNS Lookup, DNS Zone Transfer Testing, Open Redirect Testing, Command Injection Testing, and CVE Exploit Checker.

ddos domain find pentesting sql vunerability xss csrf injection ssl

Python

Updated: 1 month, 1 week ago
1 stars 1 fork 1 watcher
Born at : Nov. 3, 2024, 4:14 p.m. This repo has been linked 3 different CVEs too.

None

Python

Updated: 1 month, 3 weeks ago
0 stars 0 fork 0 watcher
Born at : Oct. 31, 2024, 12:57 p.m. This repo has been linked 1 different CVEs too.

OSCP Notes

Updated: 1 month ago
0 stars 0 fork 0 watcher
Born at : Oct. 27, 2024, 9:33 a.m. This repo has been linked 5 different CVEs too.

INE/eLearnSecurity Junior Penetration Tester (eJPTv2) Notes

Updated: 2 months, 1 week ago
1 stars 0 fork 0 watcher
Born at : Sept. 29, 2024, 9:43 p.m. This repo has been linked 3 different CVEs too.

这是一个每天同步Vulnerability-Wiki中docs-base中内容的项目

HTML

Updated: 1 month, 1 week ago
0 stars 0 fork 0 watcher
Born at : Sept. 20, 2024, 3:27 a.m. This repo has been linked 210 different CVEs too.

Nmap on crack using py

Python

Updated: 3 months ago
1 stars 0 fork 0 watcher
Born at : Sept. 16, 2024, 4:42 a.m. This repo has been linked 7 different CVEs too.

None

Updated: 3 months, 1 week ago
0 stars 0 fork 0 watcher
Born at : Sept. 15, 2024, 6:28 a.m. This repo has been linked 20 different CVEs too.

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2019-0708 vulnerability anywhere in the article.

  • The Cyber Express
December 2024 Cyble Report: Malware, Phishing, and IoT Vulnerabilities on the Rise

The latest Sensor Intelligence Report from Cyble, dated December 4–10, 2024, sheds light on a troubling increase in cyber threats, including malware intrusions, phishing scams, and attacks targeting v ... Read more

Published Date: Dec 16, 2024 (6 days, 1 hour ago)
  • security.nl
VS publiceert overzicht van meest misbruikte kwetsbaarheden in 2023

De Amerikaanse autoriteiten hebben samen met cyberagentschappen uit Australië, Canada, Nieuw-Zeeland en het Verenigd Koninkrijk een overzicht van de meest misbruikte kwetsbaarheden in 2023 opgesteld. ... Read more

Published Date: Nov 12, 2024 (1 month, 1 week ago)
  • Trend Micro
Unmasking Prometei: A Deep Dive Into Our MXDR Findings

Cyber Threats How does Prometei insidiously operate in a compromised system? This Managed Extended Detection and Response investigation conducted with the help of Trend Vision One provides a comprehen ... Read more

Published Date: Oct 23, 2024 (1 month, 4 weeks ago)
  • Dark Reading
Why End of Life for Applications Is the Beginning of Life for Hackers

Source: Artur Szczybylo via Alamy Stock PhotoCOMMENTARYWe all get older. In IT, we face problems around aging software and keeping up with patches and updates. But there is another set of dates we sho ... Read more

Published Date: Aug 22, 2024 (3 months, 4 weeks ago)
  • malwaretech.com
[Video] Exploiting Windows RPC – CVE-2022-26809 Explained | Patch Analysis

Walking through my process of how I use patch analysis and reverse engineering to find vulnerabilities, then evaluate the risk and exploitability of bugs. ... Read more

Published Date: Apr 23, 2022 (2 years, 7 months ago)
  • curatedintel.org
Hacktivist group shares details related to Belarusian Railways hack

On Monday 24 January 2022, a Belarusian hacktivist group going by the name Belarusian Cyber-Partisans claimed responsibility for a limited attack against the national railway company. A primary object ... Read more

Published Date: Jan 25, 2022 (2 years, 10 months ago)

The following table lists the changes that have been made to the CVE-2019-0708 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • CVE Modified by af854a3a-2127-422b-91ae-364da2661108

    Nov. 21, 2024

    Action Type Old Value New Value
    Added Reference http://packetstormsecurity.com/files/153133/Microsoft-Windows-Remote-Desktop-BlueKeep-Denial-Of-Service.html
    Added Reference http://packetstormsecurity.com/files/153627/Microsoft-Windows-RDP-BlueKeep-Denial-Of-Service.html
    Added Reference http://packetstormsecurity.com/files/154579/BlueKeep-RDP-Remote-Windows-Kernel-Use-After-Free.html
    Added Reference http://packetstormsecurity.com/files/155389/Microsoft-Windows-7-x86-BlueKeep-RDP-Use-After-Free.html
    Added Reference http://packetstormsecurity.com/files/162960/Microsoft-RDP-Remote-Code-Execution.html
    Added Reference http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190529-01-windows-en
    Added Reference http://www.huawei.com/en/psirt/security-notices/huawei-sn-20190515-01-windows-en
    Added Reference https://cert-portal.siemens.com/productcert/pdf/ssa-166360.pdf
    Added Reference https://cert-portal.siemens.com/productcert/pdf/ssa-406175.pdf
    Added Reference https://cert-portal.siemens.com/productcert/pdf/ssa-433987.pdf
    Added Reference https://cert-portal.siemens.com/productcert/pdf/ssa-616199.pdf
    Added Reference https://cert-portal.siemens.com/productcert/pdf/ssa-832947.pdf
    Added Reference https://cert-portal.siemens.com/productcert/pdf/ssa-932041.pdf
    Added Reference https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708
  • Modified Analysis by [email protected]

    Jul. 25, 2024

    Action Type Old Value New Value
    Removed CVSS V3 NIST AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    Added CVSS V3.1 NIST AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    Changed Reference Type http://packetstormsecurity.com/files/153133/Microsoft-Windows-Remote-Desktop-BlueKeep-Denial-Of-Service.html Third Party Advisory, VDB Entry http://packetstormsecurity.com/files/153133/Microsoft-Windows-Remote-Desktop-BlueKeep-Denial-Of-Service.html Exploit, Third Party Advisory, VDB Entry
    Changed Reference Type http://packetstormsecurity.com/files/153627/Microsoft-Windows-RDP-BlueKeep-Denial-Of-Service.html No Types Assigned http://packetstormsecurity.com/files/153627/Microsoft-Windows-RDP-BlueKeep-Denial-Of-Service.html Exploit, Third Party Advisory, VDB Entry
    Changed Reference Type http://packetstormsecurity.com/files/154579/BlueKeep-RDP-Remote-Windows-Kernel-Use-After-Free.html No Types Assigned http://packetstormsecurity.com/files/154579/BlueKeep-RDP-Remote-Windows-Kernel-Use-After-Free.html Exploit, Third Party Advisory, VDB Entry
    Changed Reference Type http://packetstormsecurity.com/files/155389/Microsoft-Windows-7-x86-BlueKeep-RDP-Use-After-Free.html No Types Assigned http://packetstormsecurity.com/files/155389/Microsoft-Windows-7-x86-BlueKeep-RDP-Use-After-Free.html Third Party Advisory, VDB Entry
    Changed Reference Type http://packetstormsecurity.com/files/162960/Microsoft-RDP-Remote-Code-Execution.html No Types Assigned http://packetstormsecurity.com/files/162960/Microsoft-RDP-Remote-Code-Execution.html Exploit, Third Party Advisory, VDB Entry
    Changed CPE Configuration OR *cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:* *cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:x64:* *cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:x86:* *cpe:2.3:o:microsoft:windows_server_2003:r2:sp2:*:*:*:*:*:* *cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:* *cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:* *cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:* *cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:* *cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:professional:*:x64:* *cpe:2.3:o:microsoft:windows_xp:-:sp3:*:*:*:*:x86:* OR *cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:* *cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:* *cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:siemens:axiom_multix_m_firmware:*:*:*:*:*:*:*:* OR cpe:2.3:h:siemens:axiom_multix_m:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:siemens:axiom_vertix_md_trauma_firmware:*:*:*:*:*:*:*:* OR cpe:2.3:h:siemens:axiom_vertix_md_trauma:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:siemens:axiom_vertix_solitaire_m_firmware:*:*:*:*:*:*:*:* OR cpe:2.3:h:siemens:axiom_vertix_solitaire_m:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:siemens:mobilett_xp_digital_firmware:*:*:*:*:*:*:*:* OR cpe:2.3:h:siemens:mobilett_xp_digital:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:siemens:multix_pro_acss_p_firmware:*:*:*:*:*:*:*:* OR cpe:2.3:h:siemens:multix_pro_acss_p:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:siemens:multix_pro_p_firmware:*:*:*:*:*:*:*:* OR cpe:2.3:h:siemens:multix_pro_p:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:siemens:multix_pro_firmware:*:*:*:*:*:*:*:* OR cpe:2.3:h:siemens:multix_pro:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:siemens:multix_pro_acss_firmware:*:*:*:*:*:*:*:* OR cpe:2.3:h:siemens:multix_pro_acss:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:siemens:multix_pro_navy_firmware:*:*:*:*:*:*:*:* OR cpe:2.3:h:siemens:multix_pro_navy:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:siemens:multix_swing_firmware:*:*:*:*:*:*:*:* OR cpe:2.3:h:siemens:multix_swing:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:siemens:multix_top_firmware:*:*:*:*:*:*:*:* OR cpe:2.3:h:siemens:multix_top:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:siemens:multix_top_acss_firmware:*:*:*:*:*:*:*:* OR cpe:2.3:h:siemens:multix_top_acss:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:siemens:multix_top_p_firmware:*:*:*:*:*:*:*:* OR cpe:2.3:h:siemens:multix_top_p:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:siemens:multix_top_acss_p_firmware:*:*:*:*:*:*:*:* OR cpe:2.3:h:siemens:multix_top_acss_p:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:siemens:vertix_solitaire_firmware:*:*:*:*:*:*:*:* OR cpe:2.3:h:siemens:vertix_solitaire:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:siemens:atellica_solution_firmware:*:*:*:*:*:*:*:* OR cpe:2.3:h:siemens:atellica_solution:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:siemens:aptio_firmware:*:*:*:*:*:*:*:* OR cpe:2.3:h:siemens:aptio:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:siemens:streamlab_firmware:*:*:*:*:*:*:*:* OR cpe:2.3:h:siemens:streamlab:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:siemens:centralink_firmware:*:*:*:*:*:*:*:* OR cpe:2.3:h:siemens:centralink:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:siemens:viva_e_firmware:*:*:*:*:*:*:*:* OR cpe:2.3:h:siemens:viva_e:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:siemens:viva_twin_firmware:*:*:*:*:*:*:*:* OR cpe:2.3:h:siemens:viva_twin:-:*:*:*:*:*:*:*
    Added CPE Configuration OR *cpe:2.3:a:siemens:syngo_lab_process_manager:*:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:siemens:rapidpoint_500_firmware:*:*:*:*:*:*:*:* versions up to (including) 2.3.2 OR cpe:2.3:h:siemens:rapidpoint_500:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:siemens:lantis_firmware:*:*:*:*:*:*:*:* OR cpe:2.3:h:siemens:lantis:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:huawei:agile_controller-campus_firmware:v100r002c00:*:*:*:*:*:*:* *cpe:2.3:o:huawei:agile_controller-campus_firmware:v100r002c10:*:*:*:*:*:*:* OR cpe:2.3:h:huawei:agile_controller-campus:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:huawei:bh620_v2_firmware:v100r002c00:*:*:*:*:*:*:* OR cpe:2.3:h:huawei:bh620_v2:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:huawei:bh621_v2_firmware:v100r002c00:*:*:*:*:*:*:* OR cpe:2.3:h:huawei:bh621_v2:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:huawei:bh622_v2_firmware:v100r001c00:*:*:*:*:*:*:* OR cpe:2.3:h:huawei:bh622_v2:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:huawei:bh640_v2_firmware:v100r002c00:*:*:*:*:*:*:* OR cpe:2.3:h:huawei:bh640_v2:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:huawei:ch121_firmware:v100r001c00:*:*:*:*:*:*:* OR cpe:2.3:h:huawei:ch121:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:huawei:ch140_firmware:v100r001c00:*:*:*:*:*:*:* OR cpe:2.3:h:huawei:ch140:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:huawei:ch220_firmware:v100r001c00:*:*:*:*:*:*:* OR cpe:2.3:h:huawei:ch220:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:huawei:ch221_firmware:v100r001c00:*:*:*:*:*:*:* OR cpe:2.3:h:huawei:ch221:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:huawei:ch222_firmware:v100r002c00:*:*:*:*:*:*:* OR cpe:2.3:h:huawei:ch222:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:huawei:ch240_firmware:v100r001c00:*:*:*:*:*:*:* OR cpe:2.3:h:huawei:ch240:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:huawei:ch242_firmware:v100r001c00:*:*:*:*:*:*:* OR cpe:2.3:h:huawei:ch242:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:huawei:ch242_v3_firmware:v100r001c00:*:*:*:*:*:*:* OR cpe:2.3:h:huawei:ch242_v3:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:huawei:e6000_firmware:v100r002c00:*:*:*:*:*:*:* OR cpe:2.3:h:huawei:e6000:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:huawei:e6000_chassis_firmware:v100r001c00:*:*:*:*:*:*:* OR cpe:2.3:h:huawei:e6000_chassis:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:huawei:gtsoftx3000_firmware:v200r001c01spc100:*:*:*:*:*:*:* *cpe:2.3:o:huawei:gtsoftx3000_firmware:v200r002c00spc300:*:*:*:*:*:*:* *cpe:2.3:o:huawei:gtsoftx3000_firmware:v200r002c10spc100:*:*:*:*:*:*:* OR cpe:2.3:h:huawei:gtsoftx3000:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:huawei:oceanstor_18500_firmware:v100r001c30spc300:*:*:*:*:*:*:* OR cpe:2.3:h:huawei:oceanstor_18500:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:huawei:oceanstor_18800_firmware:v100r001c30spc300:*:*:*:*:*:*:* OR cpe:2.3:h:huawei:oceanstor_18800:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:huawei:oceanstor_18800f_firmware:v100r001c30spc300:*:*:*:*:*:*:* OR cpe:2.3:h:huawei:oceanstor_18800f:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:huawei:oceanstor_hvs85t_firmware:v100r001c00:*:*:*:*:*:*:* *cpe:2.3:o:huawei:oceanstor_hvs85t_firmware:v100r001c30spc200:*:*:*:*:*:*:* OR cpe:2.3:h:huawei:oceanstor_hvs85t:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:huawei:oceanstor_hvs88t_firmware:v100r001c00:*:*:*:*:*:*:* *cpe:2.3:o:huawei:oceanstor_hvs88t_firmware:v100r001c30spc200:*:*:*:*:*:*:* OR cpe:2.3:h:huawei:oceanstor_hvs88t:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:huawei:rh1288_v2_firmware:v100r002c00:*:*:*:*:*:*:* OR cpe:2.3:h:huawei:rh1288_v2:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:huawei:rh1288a_v2_firmware:v100r002c00:*:*:*:*:*:*:* OR cpe:2.3:h:huawei:rh1288a_v2:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:huawei:rh2265_v2_firmware:v100r002c00:*:*:*:*:*:*:* OR cpe:2.3:h:huawei:rh2265_v2:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:huawei:rh2268_v2_firmware:v100r002c00:*:*:*:*:*:*:* OR cpe:2.3:h:huawei:rh2268_v2:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:huawei:rh2285_v2_firmware:v100r002c00:*:*:*:*:*:*:* OR cpe:2.3:h:huawei:rh2285_v2:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:huawei:rh2285h_v2_firmware:v100r002c00:*:*:*:*:*:*:* OR cpe:2.3:h:huawei:rh2285h_v2:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:huawei:rh2288_v2_firmware:v100r002c00:*:*:*:*:*:*:* OR cpe:2.3:h:huawei:rh2288_v2:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:huawei:rh2288a_v2_firmware:v100r002c00:*:*:*:*:*:*:* OR cpe:2.3:h:huawei:rh2288a_v2:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:huawei:rh2288e_v2_firmware:v100r002c00:*:*:*:*:*:*:* OR cpe:2.3:h:huawei:rh2288e_v2:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:huawei:rh2288h_v2_firmware:v100r002c00:*:*:*:*:*:*:* OR cpe:2.3:h:huawei:rh2288h_v2:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:huawei:rh2485_v2_firmware:v100r002c00:*:*:*:*:*:*:* OR cpe:2.3:h:huawei:rh2485_v2:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:huawei:rh5885_v2_firmware:v100r001c00:*:*:*:*:*:*:* OR cpe:2.3:h:huawei:rh5885_v2:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:huawei:rh5885_v3_firmware:v100r003c00:*:*:*:*:*:*:* OR cpe:2.3:h:huawei:rh5885_v3:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:huawei:smc2.0_firmware:v500r002c00:*:*:*:*:*:*:* *cpe:2.3:o:huawei:smc2.0_firmware:v600r006c00:*:*:*:*:*:*:* OR cpe:2.3:h:huawei:smc2.0:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:huawei:seco_vsm_firmware:v200r002c00:*:*:*:*:*:*:* OR cpe:2.3:h:huawei:seco_vsm:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:huawei:uma_firmware:v200r001c00:*:*:*:*:*:*:* *cpe:2.3:o:huawei:uma_firmware:v300r001c00:*:*:*:*:*:*:* OR cpe:2.3:h:huawei:uma:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:huawei:x6000_firmware:v100r002c00:*:*:*:*:*:*:* OR cpe:2.3:h:huawei:x6000:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:huawei:x8000_firmware:v100r002c20:*:*:*:*:*:*:* OR cpe:2.3:h:huawei:x8000:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:huawei:elog_firmware:v200r003c10:*:*:*:*:*:*:* OR cpe:2.3:h:huawei:elog:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:huawei:espace_ecs_firmware:v300r001c00:*:*:*:*:*:*:* OR cpe:2.3:h:huawei:espace_ecs:-:*:*:*:*:*:*:*
  • CVE Modified by [email protected]

    May. 14, 2024

    Action Type Old Value New Value
  • CVE Modified by [email protected]

    Jun. 03, 2021

    Action Type Old Value New Value
    Added Reference http://packetstormsecurity.com/files/162960/Microsoft-RDP-Remote-Code-Execution.html [No Types Assigned]
  • CWE Remap by [email protected]

    Aug. 24, 2020

    Action Type Old Value New Value
    Changed CWE CWE-20 CWE-416
  • CVE Modified by [email protected]

    Nov. 19, 2019

    Action Type Old Value New Value
    Added Reference http://packetstormsecurity.com/files/155389/Microsoft-Windows-7-x86-BlueKeep-RDP-Use-After-Free.html [No Types Assigned]
  • CVE Modified by [email protected]

    Sep. 23, 2019

    Action Type Old Value New Value
    Added Reference http://packetstormsecurity.com/files/154579/BlueKeep-RDP-Remote-Windows-Kernel-Use-After-Free.html [No Types Assigned]
  • CVE Modified by [email protected]

    Jul. 15, 2019

    Action Type Old Value New Value
    Added Reference http://packetstormsecurity.com/files/153627/Microsoft-Windows-RDP-BlueKeep-Denial-Of-Service.html [No Types Assigned]
  • Modified Analysis by [email protected]

    Jun. 03, 2019

    Action Type Old Value New Value
    Changed Reference Type https://cert-portal.siemens.com/productcert/pdf/ssa-433987.pdf No Types Assigned https://cert-portal.siemens.com/productcert/pdf/ssa-433987.pdf Third Party Advisory
    Changed Reference Type https://cert-portal.siemens.com/productcert/pdf/ssa-832947.pdf No Types Assigned https://cert-portal.siemens.com/productcert/pdf/ssa-832947.pdf Third Party Advisory
    Changed Reference Type http://www.huawei.com/en/psirt/security-notices/huawei-sn-20190515-01-windows-en No Types Assigned http://www.huawei.com/en/psirt/security-notices/huawei-sn-20190515-01-windows-en Third Party Advisory
    Changed Reference Type https://cert-portal.siemens.com/productcert/pdf/ssa-932041.pdf No Types Assigned https://cert-portal.siemens.com/productcert/pdf/ssa-932041.pdf Third Party Advisory
    Changed Reference Type https://cert-portal.siemens.com/productcert/pdf/ssa-616199.pdf No Types Assigned https://cert-portal.siemens.com/productcert/pdf/ssa-616199.pdf Third Party Advisory
    Changed Reference Type https://cert-portal.siemens.com/productcert/pdf/ssa-166360.pdf No Types Assigned https://cert-portal.siemens.com/productcert/pdf/ssa-166360.pdf Third Party Advisory
    Changed Reference Type http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190529-01-windows-en No Types Assigned http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190529-01-windows-en Third Party Advisory
    Changed Reference Type https://cert-portal.siemens.com/productcert/pdf/ssa-406175.pdf No Types Assigned https://cert-portal.siemens.com/productcert/pdf/ssa-406175.pdf Third Party Advisory
    Changed Reference Type http://packetstormsecurity.com/files/153133/Microsoft-Windows-Remote-Desktop-BlueKeep-Denial-Of-Service.html No Types Assigned http://packetstormsecurity.com/files/153133/Microsoft-Windows-Remote-Desktop-BlueKeep-Denial-Of-Service.html Third Party Advisory, VDB Entry
    Changed CPE Configuration OR *cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:* *cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:* *cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:* *cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:* OR *cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:* *cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:x64:* *cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:x86:* *cpe:2.3:o:microsoft:windows_server_2003:r2:sp2:*:*:*:*:*:* *cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:* *cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:* *cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:* *cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:* *cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:professional:*:x64:* *cpe:2.3:o:microsoft:windows_xp:-:sp3:*:*:*:*:x86:*
  • CVE Modified by [email protected]

    May. 31, 2019

    Action Type Old Value New Value
    Added Reference http://packetstormsecurity.com/files/153133/Microsoft-Windows-Remote-Desktop-BlueKeep-Denial-Of-Service.html [No Types Assigned]
  • CVE Modified by [email protected]

    May. 29, 2019

    Action Type Old Value New Value
    Added Reference http://www.huawei.com/en/psirt/security-notices/huawei-sn-20190515-01-windows-en [No Types Assigned]
  • CVE Modified by [email protected]

    May. 29, 2019

    Action Type Old Value New Value
    Added Reference http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190529-01-windows-en [No Types Assigned]
  • CVE Modified by [email protected]

    May. 24, 2019

    Action Type Old Value New Value
    Added Reference https://cert-portal.siemens.com/productcert/pdf/ssa-832947.pdf [No Types Assigned]
    Added Reference https://cert-portal.siemens.com/productcert/pdf/ssa-616199.pdf [No Types Assigned]
    Added Reference https://cert-portal.siemens.com/productcert/pdf/ssa-433987.pdf [No Types Assigned]
    Added Reference https://cert-portal.siemens.com/productcert/pdf/ssa-406175.pdf [No Types Assigned]
    Added Reference https://cert-portal.siemens.com/productcert/pdf/ssa-166360.pdf [No Types Assigned]
  • CVE Modified by [email protected]

    May. 24, 2019

    Action Type Old Value New Value
    Added Reference https://cert-portal.siemens.com/productcert/pdf/ssa-932041.pdf [No Types Assigned]
  • Initial Analysis by [email protected]

    May. 16, 2019

    Action Type Old Value New Value
    Added CVSS V2 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
    Added CVSS V3 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    Changed Reference Type https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708 No Types Assigned https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708 Patch, Vendor Advisory
    Added CWE CWE-20
    Added CPE Configuration OR *cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:* *cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:* *cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:* *cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*
  • CVE Modified by [email protected]

    May. 16, 2019

    Action Type Old Value New Value
    Changed Description A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Remote Desktop Services� Remote Code Execution Vulnerability'. A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Remote Desktop Services Remote Code Execution Vulnerability'.
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2019-0708 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2019-0708 weaknesses.

Exploit Prediction

EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days.

97.52 }} 0.02%

score

0.99995

percentile

CVSS31 - Vulnerability Scoring System
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability