CVE-2019-0708
CRITICAL
9,8
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: none
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: high
HIGH
10,0
Source: [email protected]
Access Vector: network
Access Complexity: low
Authentication: none
Confidentiality: complete
Integrity: complete
Availability: complete
Description
AI Translation Available
A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Remote Desktop Services Remote Code Execution Vulnerability'.
EPSS (Exploit Prediction Scoring System)
Trend Analysis
EPSS (Exploit Prediction Scoring System)
Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.
EPSS Score
0,9446
Percentile
1,0th
Updated
EPSS Score Trend (Last 90 Days)
416
Use After Free
StableCommon Consequences
Security Scopes Affected:
Integrity
Availability
Confidentiality
Potential Impacts:
Modify Memory
Dos: Crash, Exit, Or Restart
Execute Unauthorized Code Or Commands
Applicable Platforms
Languages:
C, C++, Memory-Unsafe
Exploit
Microsoft Windows Remote Desktop - 'BlueKeep' Denial of …
Microsoft Windows Remote Desktop - 'BlueKeep' Denial of Service
View Exploit Code →
Exploit
Microsoft Windows Remote Desktop - 'BlueKeep' Denial of …
Denial of Service (DoS)Microsoft Windows Remote Desktop - 'BlueKeep' Denial of Service (Metasploit)
View Exploit Code →
Exploit
Microsoft Windows - BlueKeep RDP Remote Windows Kernel …
Verified Use After Free (UAF)Microsoft Windows - BlueKeep RDP Remote Windows Kernel Use After Free (Metasploit)
View Exploit Code →
Exploit
Microsoft Windows 7 (x86) - 'BlueKeep' Remote Desktop …
Microsoft Windows 7 (x86) - 'BlueKeep' Remote Desktop Protocol (RDP) Remote Windows Kernel Use After Free
View Exploit Code →
Operating System
Centralink Firmware by Siemens
CPE Identifier
View Detailed Analysis
cpe:2.3:o:siemens:centralink_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Gtsoftx3000 Firmware by Huawei
CPE Identifier
View Detailed Analysis
cpe:2.3:o:huawei:gtsoftx3000_firmware:v200r001c01spc100:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Streamlab Firmware by Siemens
CPE Identifier
View Detailed Analysis
cpe:2.3:o:siemens:streamlab_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Rh2268 V2 Firmware by Huawei
CPE Identifier
View Detailed Analysis
cpe:2.3:o:huawei:rh2268_v2_firmware:v100r002c00:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Uma Firmware by Huawei
CPE Identifier
View Detailed Analysis
cpe:2.3:o:huawei:uma_firmware:v200r001c00:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Oceanstor 18500 Firmware by Huawei
CPE Identifier
View Detailed Analysis
cpe:2.3:o:huawei:oceanstor_18500_firmware:v100r001c30spc300:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Seco Vsm Firmware by Huawei
CPE Identifier
View Detailed Analysis
cpe:2.3:o:huawei:seco_vsm_firmware:v200r002c00:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Windows Server 2008 by Microsoft
CPE Identifier
View Detailed Analysis
cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
E6000 Chassis Firmware by Huawei
CPE Identifier
View Detailed Analysis
cpe:2.3:o:huawei:e6000_chassis_firmware:v100r001c00:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Oceanstor Hvs88T Firmware by Huawei
CPE Identifier
View Detailed Analysis
cpe:2.3:o:huawei:oceanstor_hvs88t_firmware:v100r001c30spc200:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Atellica Solution Firmware by Siemens
CPE Identifier
View Detailed Analysis
cpe:2.3:o:siemens:atellica_solution_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Rh2288 V2 Firmware by Huawei
CPE Identifier
View Detailed Analysis
cpe:2.3:o:huawei:rh2288_v2_firmware:v100r002c00:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Uma Firmware by Huawei
CPE Identifier
View Detailed Analysis
cpe:2.3:o:huawei:uma_firmware:v300r001c00:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Rh2285H V2 Firmware by Huawei
CPE Identifier
View Detailed Analysis
cpe:2.3:o:huawei:rh2285h_v2_firmware:v100r002c00:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Rh2265 V2 Firmware by Huawei
CPE Identifier
View Detailed Analysis
cpe:2.3:o:huawei:rh2265_v2_firmware:v100r002c00:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
X8000 Firmware by Huawei
CPE Identifier
View Detailed Analysis
cpe:2.3:o:huawei:x8000_firmware:v100r002c20:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Multix Pro Acss Firmware by Siemens
CPE Identifier
View Detailed Analysis
cpe:2.3:o:siemens:multix_pro_acss_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Lantis Firmware by Siemens
CPE Identifier
View Detailed Analysis
cpe:2.3:o:siemens:lantis_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Aptio Firmware by Siemens
CPE Identifier
View Detailed Analysis
cpe:2.3:o:siemens:aptio_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Rh5885 V2 Firmware by Huawei
CPE Identifier
View Detailed Analysis
cpe:2.3:o:huawei:rh5885_v2_firmware:v100r001c00:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Ch242 V3 Firmware by Huawei
CPE Identifier
View Detailed Analysis
cpe:2.3:o:huawei:ch242_v3_firmware:v100r001c00:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Rh2288H V2 Firmware by Huawei
CPE Identifier
View Detailed Analysis
cpe:2.3:o:huawei:rh2288h_v2_firmware:v100r002c00:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Rh2485 V2 Firmware by Huawei
CPE Identifier
View Detailed Analysis
cpe:2.3:o:huawei:rh2485_v2_firmware:v100r002c00:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Oceanstor 18800 Firmware by Huawei
CPE Identifier
View Detailed Analysis
cpe:2.3:o:huawei:oceanstor_18800_firmware:v100r001c30spc300:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Windows Server 2008 by Microsoft
CPE Identifier
View Detailed Analysis
cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Multix Pro Firmware by Siemens
CPE Identifier
View Detailed Analysis
cpe:2.3:o:siemens:multix_pro_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Smc2.0 Firmware by Huawei
CPE Identifier
View Detailed Analysis
cpe:2.3:o:huawei:smc2.0_firmware:v600r006c00:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Bh622 V2 Firmware by Huawei
CPE Identifier
View Detailed Analysis
cpe:2.3:o:huawei:bh622_v2_firmware:v100r001c00:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Ch242 Firmware by Huawei
CPE Identifier
View Detailed Analysis
cpe:2.3:o:huawei:ch242_firmware:v100r001c00:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Oceanstor Hvs85T Firmware by Huawei
CPE Identifier
View Detailed Analysis
cpe:2.3:o:huawei:oceanstor_hvs85t_firmware:v100r001c00:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Ch121 Firmware by Huawei
CPE Identifier
View Detailed Analysis
cpe:2.3:o:huawei:ch121_firmware:v100r001c00:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Ch221 Firmware by Huawei
CPE Identifier
View Detailed Analysis
cpe:2.3:o:huawei:ch221_firmware:v100r001c00:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Multix Pro P Firmware by Siemens
CPE Identifier
View Detailed Analysis
cpe:2.3:o:siemens:multix_pro_p_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Axiom Vertix Md Trauma Firmware by Siemens
CPE Identifier
View Detailed Analysis
cpe:2.3:o:siemens:axiom_vertix_md_trauma_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Mobilett Xp Digital Firmware by Siemens
CPE Identifier
View Detailed Analysis
cpe:2.3:o:siemens:mobilett_xp_digital_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
E6000 Firmware by Huawei
CPE Identifier
View Detailed Analysis
cpe:2.3:o:huawei:e6000_firmware:v100r002c00:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Rh5885 V3 Firmware by Huawei
CPE Identifier
View Detailed Analysis
cpe:2.3:o:huawei:rh5885_v3_firmware:v100r003c00:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Ch240 Firmware by Huawei
CPE Identifier
View Detailed Analysis
cpe:2.3:o:huawei:ch240_firmware:v100r001c00:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Axiom Multix M Firmware by Siemens
CPE Identifier
View Detailed Analysis
cpe:2.3:o:siemens:axiom_multix_m_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Agile Controller-Campus Firmware by Huawei
CPE Identifier
View Detailed Analysis
cpe:2.3:o:huawei:agile_controller-campus_firmware:v100r002c10:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Ch140 Firmware by Huawei
CPE Identifier
View Detailed Analysis
cpe:2.3:o:huawei:ch140_firmware:v100r001c00:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Gtsoftx3000 Firmware by Huawei
CPE Identifier
View Detailed Analysis
cpe:2.3:o:huawei:gtsoftx3000_firmware:v200r002c00spc300:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Bh640 V2 Firmware by Huawei
CPE Identifier
View Detailed Analysis
cpe:2.3:o:huawei:bh640_v2_firmware:v100r002c00:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Espace Ecs Firmware by Huawei
CPE Identifier
View Detailed Analysis
cpe:2.3:o:huawei:espace_ecs_firmware:v300r001c00:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Rh2285 V2 Firmware by Huawei
CPE Identifier
View Detailed Analysis
cpe:2.3:o:huawei:rh2285_v2_firmware:v100r002c00:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Oceanstor Hvs85T Firmware by Huawei
CPE Identifier
View Detailed Analysis
cpe:2.3:o:huawei:oceanstor_hvs85t_firmware:v100r001c30spc200:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Multix Top Acss Firmware by Siemens
CPE Identifier
View Detailed Analysis
cpe:2.3:o:siemens:multix_top_acss_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Rh1288 V2 Firmware by Huawei
CPE Identifier
View Detailed Analysis
cpe:2.3:o:huawei:rh1288_v2_firmware:v100r002c00:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Multix Top Firmware by Siemens
CPE Identifier
View Detailed Analysis
cpe:2.3:o:siemens:multix_top_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Rh2288A V2 Firmware by Huawei
CPE Identifier
View Detailed Analysis
cpe:2.3:o:huawei:rh2288a_v2_firmware:v100r002c00:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Agile Controller-Campus Firmware by Huawei
CPE Identifier
View Detailed Analysis
cpe:2.3:o:huawei:agile_controller-campus_firmware:v100r002c00:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Axiom Vertix Solitaire M Firmware by Siemens
CPE Identifier
View Detailed Analysis
cpe:2.3:o:siemens:axiom_vertix_solitaire_m_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Viva E Firmware by Siemens
CPE Identifier
View Detailed Analysis
cpe:2.3:o:siemens:viva_e_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Rh2288E V2 Firmware by Huawei
CPE Identifier
View Detailed Analysis
cpe:2.3:o:huawei:rh2288e_v2_firmware:v100r002c00:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Syngo Lab Process Manager by Siemens
CPE Identifier
View Detailed Analysis
cpe:2.3:a:siemens:syngo_lab_process_manager:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Multix Top P Firmware by Siemens
CPE Identifier
View Detailed Analysis
cpe:2.3:o:siemens:multix_top_p_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Oceanstor Hvs88T Firmware by Huawei
CPE Identifier
View Detailed Analysis
cpe:2.3:o:huawei:oceanstor_hvs88t_firmware:v100r001c00:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Smc2.0 Firmware by Huawei
CPE Identifier
View Detailed Analysis
cpe:2.3:o:huawei:smc2.0_firmware:v500r002c00:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Rh1288A V2 Firmware by Huawei
CPE Identifier
View Detailed Analysis
cpe:2.3:o:huawei:rh1288a_v2_firmware:v100r002c00:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Windows 7 by Microsoft
CPE Identifier
View Detailed Analysis
cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Elog Firmware by Huawei
CPE Identifier
View Detailed Analysis
cpe:2.3:o:huawei:elog_firmware:v200r003c10:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Oceanstor 18800F Firmware by Huawei
CPE Identifier
View Detailed Analysis
cpe:2.3:o:huawei:oceanstor_18800f_firmware:v100r001c30spc300:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Gtsoftx3000 Firmware by Huawei
CPE Identifier
View Detailed Analysis
cpe:2.3:o:huawei:gtsoftx3000_firmware:v200r002c10spc100:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Vertix Solitaire Firmware by Siemens
CPE Identifier
View Detailed Analysis
cpe:2.3:o:siemens:vertix_solitaire_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Viva Twin Firmware by Siemens
CPE Identifier
View Detailed Analysis
cpe:2.3:o:siemens:viva_twin_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Bh620 V2 Firmware by Huawei
CPE Identifier
View Detailed Analysis
cpe:2.3:o:huawei:bh620_v2_firmware:v100r002c00:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Multix Swing Firmware by Siemens
CPE Identifier
View Detailed Analysis
cpe:2.3:o:siemens:multix_swing_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Multix Pro Acss P Firmware by Siemens
CPE Identifier
View Detailed Analysis
cpe:2.3:o:siemens:multix_pro_acss_p_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Ch222 Firmware by Huawei
CPE Identifier
View Detailed Analysis
cpe:2.3:o:huawei:ch222_firmware:v100r002c00:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Ch220 Firmware by Huawei
CPE Identifier
View Detailed Analysis
cpe:2.3:o:huawei:ch220_firmware:v100r001c00:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Multix Pro Navy Firmware by Siemens
CPE Identifier
View Detailed Analysis
cpe:2.3:o:siemens:multix_pro_navy_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Bh621 V2 Firmware by Huawei
CPE Identifier
View Detailed Analysis
cpe:2.3:o:huawei:bh621_v2_firmware:v100r002c00:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Multix Top Acss P Firmware by Siemens
CPE Identifier
View Detailed Analysis
cpe:2.3:o:siemens:multix_top_acss_p_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
X6000 Firmware by Huawei
CPE Identifier
View Detailed Analysis
cpe:2.3:o:huawei:x6000_firmware:v100r002c00:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Rapidpoint 500 Firmware by Siemens
Version Range Affected
To
2.3.2
(inclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:siemens:rapidpoint_500_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019…
http://packetstormsecurity.com/files/153133/Microsoft-Windows-Remote-Desktop-Bl…
http://packetstormsecurity.com/files/153627/Microsoft-Windows-RDP-BlueKeep-Deni…
http://packetstormsecurity.com/files/154579/BlueKeep-RDP-Remote-Windows-Kernel-…
http://packetstormsecurity.com/files/155389/Microsoft-Windows-7-x86-BlueKeep-RD…
http://packetstormsecurity.com/files/162960/Microsoft-RDP-Remote-Code-Execution…
https://cert-portal.siemens.com/productcert/pdf/ssa-166360.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-406175.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-433987.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-616199.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-832947.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-932041.pdf
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190529-01-window…
http://www.huawei.com/en/psirt/security-notices/huawei-sn-20190515-01-windows-en
http://packetstormsecurity.com/files/153133/Microsoft-Windows-Remote-Desktop-Bl…
http://packetstormsecurity.com/files/153627/Microsoft-Windows-RDP-BlueKeep-Deni…
http://packetstormsecurity.com/files/154579/BlueKeep-RDP-Remote-Windows-Kernel-…
http://packetstormsecurity.com/files/155389/Microsoft-Windows-7-x86-BlueKeep-RD…
http://packetstormsecurity.com/files/162960/Microsoft-RDP-Remote-Code-Execution…
https://cert-portal.siemens.com/productcert/pdf/ssa-166360.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-406175.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-433987.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-616199.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-832947.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-932041.pdf
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190529-01-window…
http://www.huawei.com/en/psirt/security-notices/huawei-sn-20190515-01-windows-en