Vulnerability CVE-2019-0708 - CERT Civis.Net

Vulnerability Name:

CVE-2019-0708 (CCN-160356)

Assigned:

2018-11-26

Published:

2019-05-14

Updated:

2021-06-03

Summary:

A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Remote Desktop Services Remote Code Execution Vulnerability'.

CVSS v3 Severity:

9.8 Critical (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
9.1 Critical (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

9.8 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
9.1 Critical (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Type:

Vulnerability Consequences:

Gain Privileges

References:

Source: MITRE
Type: CNA
CVE-2019-0708

Source: MISC
Type: Third Party Advisory, VDB Entry
http://packetstormsecurity.com/files/153133/Microsoft-Windows-Remote-Desktop-BlueKeep-Denial-Of-Service.html

Source: MISC
Type: UNKNOWN
http://packetstormsecurity.com/files/153627/Microsoft-Windows-RDP-BlueKeep-Denial-Of-Service.html

Source: MISC
Type: UNKNOWN
http://packetstormsecurity.com/files/154579/BlueKeep-RDP-Remote-Windows-Kernel-Use-After-Free.html

Source: MISC
Type: UNKNOWN
http://packetstormsecurity.com/files/155389/Microsoft-Windows-7-x86-BlueKeep-RDP-Use-After-Free.html

Source: MISC
Type: UNKNOWN
http://packetstormsecurity.com/files/162960/Microsoft-RDP-Remote-Code-Execution.html

Source: CONFIRM
Type: Third Party Advisory
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190529-01-windows-en

Source: CONFIRM
Type: Third Party Advisory
http://www.huawei.com/en/psirt/security-notices/huawei-sn-20190515-01-windows-en

Source: CONFIRM
Type: Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-166360.pdf

Source: CONFIRM
Type: Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-406175.pdf

Source: CONFIRM
Type: Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-433987.pdf

Source: CONFIRM
Type: Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-616199.pdf

Source: CONFIRM
Type: Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-832947.pdf

Source: CONFIRM
Type: Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-932041.pdf

Source: XF
Type: UNKNOWN
ms-windows-cve20190708-code-exec(160356)

Source: CCN
Type: GITHub Web site
bluekeep_poc.py

Source: CCN
Type: GITHub Web site
bluekeep_weaponized_dos.py

Source: CCN
Type: GITHub Web site
CVE-2019-0708/crashpoc.py

Source: CCN
Type: GITHub Web site
CVE-2019-0708/poc.py

Source: CCN
Type: SANS ISC InfoSec Forums
An Update on the Microsoft Windows RDP "Bluekeep" Vulnerability (CVE-2019-0708) [now with pcaps]

Source: CCN
Type: Packet Storm Security [05-30-2019]
Microsoft Windows Remote Desktop BlueKeep Denial Of Service

Source: CCN
Type: Packet Storm Security [07-15-2019]
Microsoft Windows RDP BlueKeep Denial Of Service

Source: CCN
Type: Packet Storm Security [09-23-2019]
BlueKeep RDP Remote Windows Kernel Use-After-Free

Source: CCN
Type: Packet Storm Security [11-19-2019]
Microsoft Windows 7 (x86) BlueKeep RDP Use-After-Free

Source: CCN
Type: Packet Storm Security [06-03-2021]
Microsoft RDP Remote Code Execution

Source: CCN
Type: Microsoft Security TechCenter - May 2019
Remote Desktop Services Remote Code Execution Vulnerability

Source: MISC
Type: Patch, Vendor Advisory
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708

Source: CCN
Type: Microsoft Windows Security Support
Customer guidance for CVE-2019-0708 | Remote Desktop Services Remote Code Execution Vulnerability: May 14, 2019

Source: CCN
Type: Microsoft Update Catalog
Security Update for Windows XP SP3 (KB4500331)

Source: CCN
Type: CYBERSECURITY & INFRASTRUCTURE SECURITY AGENCY
KNOWN EXPLOITED VULNERABILITIES CATALOG

Source: EXPLOIT-DB
Type: EXPLOIT
Offensive Security Exploit Database [05-30-2019]

Source: EXPLOIT-DB
Type: EXPLOIT
Offensive Security Exploit Database [07-15-2019]

Source: EXPLOIT-DB
Type: EXPLOIT
Offensive Security Exploit Database [09-24-2019]

Source: EXPLOIT-DB
Type: EXPLOIT
Offensive Security Exploit Database 11-19-2019]

Vulnerable Configuration:

Configuration 1:

cpe:/o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*

OR cpe:/o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*

OR cpe:/o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp:-:sp2:*:*:professional:*:x64:*

OR cpe:/o:microsoft:windows_xp:-:sp3:*:*:*:*:x86:*

OR cpe:/o:microsoft:windows_server_2003:-:sp2:*:*:*:*:x86:*

OR cpe:/o:microsoft:windows_server_2003:-:sp2:*:*:*:*:x64:*

OR cpe:/o:microsoft:windows_server_2003:r2:sp2:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_7:-:sp1:*:*:*:*:*:*

Configuration CCN 1:

cpe:/o:microsoft:windows:server_2003:*:sp2:*:*:*:*:*

OR cpe:/o:microsoft:windows:server_2003:*:sp2:*:*:*:x64:*

OR cpe:/o:microsoft:windows_xp::sp2:x64:*:professional:*:*:*

OR cpe:/o:microsoft:windows:xp:sp3:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_server_2008:*:sp2:*:*:*:*:x32:*

OR cpe:/o:microsoft:windows_server_2008:*:sp2:*:*:*:*:x64:*

OR cpe:/o:microsoft:windows_server_2008:*:sp2:*:*:*:*:itanium:*

OR cpe:/o:microsoft:windows_7:-:sp1:*:*:ultimate_n:*:x86:*

OR cpe:/o:microsoft:windows_7::sp1:x64:*:*:*:*:*

OR cpe:/o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*

OR cpe:/o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*

OR cpe:/o:microsoft:windows_xp:-:sp3:*:*:embedded:*:x86:*

Denotes that component is vulnerable