CVE-2019-0708 - Vulnerability Details

A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Remote Desktop Services Remote Code Execution Vulnerability'.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is in the KEV database since Nov. 3, 2021.

Exploitation active

Automatable yes

Technical Impact total

Vendors	Products
Huawei	Agile Controller-campus Agile Controller-campus Firmware Bh620 V2 Bh620 V2 Firmware Bh621 V2 Bh621 V2 Firmware Bh622 V2 Bh622 V2 Firmware Bh640 V2 Bh640 V2 Firmware Ch121 Ch121 Firmware Ch140 Ch140 Firmware Ch220 Ch220 Firmware Ch221 Ch221 Firmware Ch222 Ch222 Firmware Ch240 Ch240 Firmware Ch242 Ch242 Firmware Ch242 V3 Ch242 V3 Firmware E6000 E6000 Chassis E6000 Chassis Firmware E6000 Firmware Elog Elog Firmware Espace Ecs Espace Ecs Firmware Gtsoftx3000 Gtsoftx3000 Firmware Oceanstor 18500 Oceanstor 18500 Firmware Oceanstor 18800 Oceanstor 18800 Firmware Oceanstor 18800f Oceanstor 18800f Firmware Oceanstor Hvs85t Oceanstor Hvs85t Firmware Oceanstor Hvs88t Oceanstor Hvs88t Firmware Rh1288 V2 Rh1288 V2 Firmware Rh1288a V2 Rh1288a V2 Firmware Rh2265 V2 Rh2265 V2 Firmware Rh2268 V2 Rh2268 V2 Firmware Rh2285 V2 Rh2285 V2 Firmware Rh2285h V2 Rh2285h V2 Firmware Rh2288 V2 Rh2288 V2 Firmware Rh2288a V2 Rh2288a V2 Firmware Rh2288e V2 Rh2288e V2 Firmware Rh2288h V2 Rh2288h V2 Firmware Rh2485 V2 Rh2485 V2 Firmware Rh5885 V2 Rh5885 V2 Firmware Rh5885 V3 Rh5885 V3 Firmware Seco Vsm Seco Vsm Firmware Smc2.0 Smc2.0 Firmware Uma Uma Firmware X6000 X6000 Firmware X8000 X8000 Firmware
Microsoft	Windows 7 Windows Server 2008
Siemens	Aptio Aptio Firmware Atellica Solution Atellica Solution Firmware Axiom Multix M Axiom Multix M Firmware Axiom Vertix Md Trauma Axiom Vertix Md Trauma Firmware Axiom Vertix Solitaire M Axiom Vertix Solitaire M Firmware Centralink Centralink Firmware Lantis Lantis Firmware Mobilett Xp Digital Mobilett Xp Digital Firmware Multix Pro Multix Pro Acss Multix Pro Acss Firmware Multix Pro Acss P Multix Pro Acss P Firmware Multix Pro Firmware Multix Pro Navy Multix Pro Navy Firmware Multix Pro P Multix Pro P Firmware Multix Swing Multix Swing Firmware Multix Top Multix Top Acss Multix Top Acss Firmware Multix Top Acss P Multix Top Acss P Firmware Multix Top Firmware Multix Top P Multix Top P Firmware Rapidpoint 500 Rapidpoint 500 Firmware Streamlab Streamlab Firmware Syngo Lab Process Manager Vertix Solitaire Vertix Solitaire Firmware Viva E Viva E Firmware Viva Twin Viva Twin Firmware

Configuration 1 [-]

OR	cpe:2.3:o:microsoft:windows_7:-:sp1::::::
	cpe:2.3:o:microsoft:windows_server_2008:-:sp2::::::
	cpe:2.3:o:microsoft:windows_server_2008:r2:sp1::::::

Configuration 2 [-]

AND

cpe:2.3:o:siemens:axiom_multix_m_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:axiom_multix_m:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:siemens:axiom_vertix_md_trauma_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:axiom_vertix_md_trauma:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:siemens:axiom_vertix_solitaire_m_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:axiom_vertix_solitaire_m:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:siemens:mobilett_xp_digital_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:mobilett_xp_digital:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:siemens:multix_pro_acss_p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:multix_pro_acss_p:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:siemens:multix_pro_p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:multix_pro_p:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:siemens:multix_pro_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:multix_pro:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:siemens:multix_pro_acss_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:multix_pro_acss:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:siemens:multix_pro_navy_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:multix_pro_navy:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:siemens:multix_swing_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:multix_swing:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:siemens:multix_top_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:multix_top:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:siemens:multix_top_acss_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:multix_top_acss:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:siemens:multix_top_p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:multix_top_p:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND

cpe:2.3:o:siemens:multix_top_acss_p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:multix_top_acss_p:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND

cpe:2.3:o:siemens:vertix_solitaire_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:vertix_solitaire:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND

cpe:2.3:o:siemens:atellica_solution_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:atellica_solution:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND

cpe:2.3:o:siemens:aptio_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:aptio:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND

cpe:2.3:o:siemens:streamlab_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:streamlab:-:*:*:*:*:*:*:*

Configuration 20 [-]

AND

cpe:2.3:o:siemens:centralink_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:centralink:-:*:*:*:*:*:*:*

Configuration 21 [-]

AND

cpe:2.3:o:siemens:viva_e_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:viva_e:-:*:*:*:*:*:*:*

Configuration 22 [-]

AND

cpe:2.3:o:siemens:viva_twin_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:viva_twin:-:*:*:*:*:*:*:*

Configuration 23 [-]

cpe:2.3:a:siemens:syngo_lab_process_manager:*:*:*:*:*:*:*:*

Configuration 24 [-]

AND

cpe:2.3:o:siemens:rapidpoint_500_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:rapidpoint_500:-:*:*:*:*:*:*:*

Configuration 25 [-]

AND

cpe:2.3:o:siemens:lantis_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:lantis:-:*:*:*:*:*:*:*

Configuration 26 [-]

AND

OR	cpe:2.3:o:huawei:agile_controller-campus_firmware:v100r002c00:::::::*
	cpe:2.3:o:huawei:agile_controller-campus_firmware:v100r002c10:::::::*

cpe:2.3:h:huawei:agile_controller-campus:-:*:*:*:*:*:*:*

Configuration 27 [-]

AND

cpe:2.3:o:huawei:bh620_v2_firmware:v100r002c00:*:*:*:*:*:*:*

cpe:2.3:h:huawei:bh620_v2:-:*:*:*:*:*:*:*

Configuration 28 [-]

AND

cpe:2.3:o:huawei:bh621_v2_firmware:v100r002c00:*:*:*:*:*:*:*

cpe:2.3:h:huawei:bh621_v2:-:*:*:*:*:*:*:*

Configuration 29 [-]

AND

cpe:2.3:o:huawei:bh622_v2_firmware:v100r001c00:*:*:*:*:*:*:*

cpe:2.3:h:huawei:bh622_v2:-:*:*:*:*:*:*:*

Configuration 30 [-]

AND

cpe:2.3:o:huawei:bh640_v2_firmware:v100r002c00:*:*:*:*:*:*:*

cpe:2.3:h:huawei:bh640_v2:-:*:*:*:*:*:*:*

Configuration 31 [-]

AND

cpe:2.3:o:huawei:ch121_firmware:v100r001c00:*:*:*:*:*:*:*

cpe:2.3:h:huawei:ch121:-:*:*:*:*:*:*:*

Configuration 32 [-]

AND

cpe:2.3:o:huawei:ch140_firmware:v100r001c00:*:*:*:*:*:*:*

cpe:2.3:h:huawei:ch140:-:*:*:*:*:*:*:*

Configuration 33 [-]

AND

cpe:2.3:o:huawei:ch220_firmware:v100r001c00:*:*:*:*:*:*:*

cpe:2.3:h:huawei:ch220:-:*:*:*:*:*:*:*

Configuration 34 [-]

AND

cpe:2.3:o:huawei:ch221_firmware:v100r001c00:*:*:*:*:*:*:*

cpe:2.3:h:huawei:ch221:-:*:*:*:*:*:*:*

Configuration 35 [-]

AND

cpe:2.3:o:huawei:ch222_firmware:v100r002c00:*:*:*:*:*:*:*

cpe:2.3:h:huawei:ch222:-:*:*:*:*:*:*:*

Configuration 36 [-]

AND

cpe:2.3:o:huawei:ch240_firmware:v100r001c00:*:*:*:*:*:*:*

cpe:2.3:h:huawei:ch240:-:*:*:*:*:*:*:*

Configuration 37 [-]

AND

cpe:2.3:o:huawei:ch242_firmware:v100r001c00:*:*:*:*:*:*:*

cpe:2.3:h:huawei:ch242:-:*:*:*:*:*:*:*

Configuration 38 [-]

AND

cpe:2.3:o:huawei:ch242_v3_firmware:v100r001c00:*:*:*:*:*:*:*

cpe:2.3:h:huawei:ch242_v3:-:*:*:*:*:*:*:*

Configuration 39 [-]

AND

cpe:2.3:o:huawei:e6000_firmware:v100r002c00:*:*:*:*:*:*:*

cpe:2.3:h:huawei:e6000:-:*:*:*:*:*:*:*

Configuration 40 [-]

AND

cpe:2.3:o:huawei:e6000_chassis_firmware:v100r001c00:*:*:*:*:*:*:*

cpe:2.3:h:huawei:e6000_chassis:-:*:*:*:*:*:*:*

Configuration 41 [-]

AND

OR	cpe:2.3:o:huawei:gtsoftx3000_firmware:v200r001c01spc100:::::::*
	cpe:2.3:o:huawei:gtsoftx3000_firmware:v200r002c00spc300:::::::*
	cpe:2.3:o:huawei:gtsoftx3000_firmware:v200r002c10spc100:::::::*

cpe:2.3:h:huawei:gtsoftx3000:-:*:*:*:*:*:*:*

Configuration 42 [-]

AND

cpe:2.3:o:huawei:oceanstor_18500_firmware:v100r001c30spc300:*:*:*:*:*:*:*

cpe:2.3:h:huawei:oceanstor_18500:-:*:*:*:*:*:*:*

Configuration 43 [-]

AND

cpe:2.3:o:huawei:oceanstor_18800_firmware:v100r001c30spc300:*:*:*:*:*:*:*

cpe:2.3:h:huawei:oceanstor_18800:-:*:*:*:*:*:*:*

Configuration 44 [-]

AND

cpe:2.3:o:huawei:oceanstor_18800f_firmware:v100r001c30spc300:*:*:*:*:*:*:*

cpe:2.3:h:huawei:oceanstor_18800f:-:*:*:*:*:*:*:*

Configuration 45 [-]

AND

OR	cpe:2.3:o:huawei:oceanstor_hvs85t_firmware:v100r001c00:::::::*
	cpe:2.3:o:huawei:oceanstor_hvs85t_firmware:v100r001c30spc200:::::::*

cpe:2.3:h:huawei:oceanstor_hvs85t:-:*:*:*:*:*:*:*

Configuration 46 [-]

AND

OR	cpe:2.3:o:huawei:oceanstor_hvs88t_firmware:v100r001c00:::::::*
	cpe:2.3:o:huawei:oceanstor_hvs88t_firmware:v100r001c30spc200:::::::*

cpe:2.3:h:huawei:oceanstor_hvs88t:-:*:*:*:*:*:*:*

Configuration 47 [-]

AND

cpe:2.3:o:huawei:rh1288_v2_firmware:v100r002c00:*:*:*:*:*:*:*

cpe:2.3:h:huawei:rh1288_v2:-:*:*:*:*:*:*:*

Configuration 48 [-]

AND

cpe:2.3:o:huawei:rh1288a_v2_firmware:v100r002c00:*:*:*:*:*:*:*

cpe:2.3:h:huawei:rh1288a_v2:-:*:*:*:*:*:*:*

Configuration 49 [-]

AND

cpe:2.3:o:huawei:rh2265_v2_firmware:v100r002c00:*:*:*:*:*:*:*

cpe:2.3:h:huawei:rh2265_v2:-:*:*:*:*:*:*:*

Configuration 50 [-]

AND

cpe:2.3:o:huawei:rh2268_v2_firmware:v100r002c00:*:*:*:*:*:*:*

cpe:2.3:h:huawei:rh2268_v2:-:*:*:*:*:*:*:*

Configuration 51 [-]

AND

cpe:2.3:o:huawei:rh2285_v2_firmware:v100r002c00:*:*:*:*:*:*:*

cpe:2.3:h:huawei:rh2285_v2:-:*:*:*:*:*:*:*

Configuration 52 [-]

AND

cpe:2.3:o:huawei:rh2285h_v2_firmware:v100r002c00:*:*:*:*:*:*:*

cpe:2.3:h:huawei:rh2285h_v2:-:*:*:*:*:*:*:*

Configuration 53 [-]

AND

cpe:2.3:o:huawei:rh2288_v2_firmware:v100r002c00:*:*:*:*:*:*:*

cpe:2.3:h:huawei:rh2288_v2:-:*:*:*:*:*:*:*

Configuration 54 [-]

AND

cpe:2.3:o:huawei:rh2288a_v2_firmware:v100r002c00:*:*:*:*:*:*:*

cpe:2.3:h:huawei:rh2288a_v2:-:*:*:*:*:*:*:*

Configuration 55 [-]

AND

cpe:2.3:o:huawei:rh2288e_v2_firmware:v100r002c00:*:*:*:*:*:*:*

cpe:2.3:h:huawei:rh2288e_v2:-:*:*:*:*:*:*:*

Configuration 56 [-]

AND

cpe:2.3:o:huawei:rh2288h_v2_firmware:v100r002c00:*:*:*:*:*:*:*

cpe:2.3:h:huawei:rh2288h_v2:-:*:*:*:*:*:*:*

Configuration 57 [-]

AND

cpe:2.3:o:huawei:rh2485_v2_firmware:v100r002c00:*:*:*:*:*:*:*

cpe:2.3:h:huawei:rh2485_v2:-:*:*:*:*:*:*:*

Configuration 58 [-]

AND

cpe:2.3:o:huawei:rh5885_v2_firmware:v100r001c00:*:*:*:*:*:*:*

cpe:2.3:h:huawei:rh5885_v2:-:*:*:*:*:*:*:*

Configuration 59 [-]

AND

cpe:2.3:o:huawei:rh5885_v3_firmware:v100r003c00:*:*:*:*:*:*:*

cpe:2.3:h:huawei:rh5885_v3:-:*:*:*:*:*:*:*

Configuration 60 [-]

AND

OR	cpe:2.3:o:huawei:smc2.0_firmware:v500r002c00:::::::*
	cpe:2.3:o:huawei:smc2.0_firmware:v600r006c00:::::::*

cpe:2.3:h:huawei:smc2.0:-:*:*:*:*:*:*:*

Configuration 61 [-]

AND

cpe:2.3:o:huawei:seco_vsm_firmware:v200r002c00:*:*:*:*:*:*:*

cpe:2.3:h:huawei:seco_vsm:-:*:*:*:*:*:*:*

Configuration 62 [-]

AND

OR	cpe:2.3:o:huawei:uma_firmware:v200r001c00:::::::*
	cpe:2.3:o:huawei:uma_firmware:v300r001c00:::::::*

cpe:2.3:h:huawei:uma:-:*:*:*:*:*:*:*

Configuration 63 [-]

AND

cpe:2.3:o:huawei:x6000_firmware:v100r002c00:*:*:*:*:*:*:*

cpe:2.3:h:huawei:x6000:-:*:*:*:*:*:*:*

Configuration 64 [-]

AND

cpe:2.3:o:huawei:x8000_firmware:v100r002c20:*:*:*:*:*:*:*

cpe:2.3:h:huawei:x8000:-:*:*:*:*:*:*:*

Configuration 65 [-]

AND

cpe:2.3:o:huawei:elog_firmware:v200r003c10:*:*:*:*:*:*:*

cpe:2.3:h:huawei:elog:-:*:*:*:*:*:*:*

Configuration 66 [-]

AND

cpe:2.3:o:huawei:espace_ecs_firmware:v300r001c00:*:*:*:*:*:*:*

cpe:2.3:h:huawei:espace_ecs:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://packetstormsecurity.com/files/153133/Microsoft-Windows-Remote-Desktop-BlueKeep-Denial-Of-Service.html
http://packetstormsecurity.com/files/153627/Microsoft-Windows-RDP-BlueKeep-Denial-Of-Service.html
http://packetstormsecurity.com/files/154579/BlueKeep-RDP-Remote-Windows-Kernel-Use-After-Free.html
http://packetstormsecurity.com/files/155389/Microsoft-Windows-7-x86-BlueKeep-RDP-Use-After-Free.html
http://packetstormsecurity.com/files/162960/Microsoft-RDP-Remote-Code-Execution.html
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190529-01-windows-en
http://www.huawei.com/en/psirt/security-notices/huawei-sn-20190515-01-windows-en
https://cert-portal.siemens.com/productcert/pdf/ssa-166360.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-406175.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-433987.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-616199.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-832947.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-932041.pdf
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708

History

Fri, 07 Feb 2025 17:15:00 +0000

Type	Values Removed	Values Added
Metrics		kev `{'dateAdded': '2021-11-03'}` ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: microsoft

Published: 2019-05-16T18:17:00.000Z

Updated: 2025-02-07T16:28:16.043Z

Reserved: 2018-11-26T00:00:00.000Z

Link: CVE-2019-0708

Vulnrichment

Updated: 2024-08-04T17:51:27.186Z

NVD

Status : Modified

Published: 2019-05-16T19:29:00.427

Modified: 2025-02-07T17:15:15.520

Link: CVE-2019-0708

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Exploitation active

Automatable yes

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object