ByteOS Network

CVE Vulnerability Details :

CVE-2019-0708

PUBLISHED

Known KEV

More Info Official Page

Assigner-microsoft

Assigner Org ID-f38d906d-7342-40ea-92c1-6c4a2c6478c8

View Known Exploited Vulnerability (KEV) details

Published At-16 May, 2019 | 18:17

Updated At-30 Jul, 2025 | 01:46

▼CVE Numbering Authority (CNA)

A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Remote Desktop Services Remote Code Execution Vulnerability'.

Affected Products

Vendor

Microsoft Corporation

Product

Windows

Versions

Affected

7 for 32-bit Systems Service Pack 1
7 for x64-based Systems Service Pack 1

Vendor

Microsoft Corporation

Product

Windows Server

Versions

Affected

2008 R2 for x64-based Systems Service Pack 1 (Core installation)
2008 R2 for Itanium-Based Systems Service Pack 1
2008 R2 for x64-based Systems Service Pack 1
2008 for 32-bit Systems Service Pack 2 (Core installation)
2008 for Itanium-Based Systems Service Pack 2
2008 for 32-bit Systems Service Pack 2
2008 for x64-based Systems Service Pack 2
2008 for x64-based Systems Service Pack 2 (Core installation)

Problem Types

Type	CWE ID	Description
text	N/A	Remote Code Execution

References

Hyperlink	Resource
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708	x_refsource_MISC
https://cert-portal.siemens.com/productcert/pdf/ssa-932041.pdf	x_refsource_CONFIRM
https://cert-portal.siemens.com/productcert/pdf/ssa-616199.pdf	x_refsource_CONFIRM
https://cert-portal.siemens.com/productcert/pdf/ssa-433987.pdf	x_refsource_CONFIRM
https://cert-portal.siemens.com/productcert/pdf/ssa-832947.pdf	x_refsource_CONFIRM
https://cert-portal.siemens.com/productcert/pdf/ssa-166360.pdf	x_refsource_CONFIRM
https://cert-portal.siemens.com/productcert/pdf/ssa-406175.pdf	x_refsource_CONFIRM
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190529-01-windows-en	x_refsource_CONFIRM
http://www.huawei.com/en/psirt/security-notices/huawei-sn-20190515-01-windows-en	x_refsource_CONFIRM
http://packetstormsecurity.com/files/153133/Microsoft-Windows-Remote-Desktop-BlueKeep-Denial-Of-Service.html	x_refsource_MISC
http://packetstormsecurity.com/files/153627/Microsoft-Windows-RDP-BlueKeep-Denial-Of-Service.html	x_refsource_MISC
http://packetstormsecurity.com/files/154579/BlueKeep-RDP-Remote-Windows-Kernel-Use-After-Free.html	x_refsource_MISC
http://packetstormsecurity.com/files/155389/Microsoft-Windows-7-x86-BlueKeep-RDP-Use-After-Free.html	x_refsource_MISC
http://packetstormsecurity.com/files/162960/Microsoft-RDP-Remote-Code-Execution.html	x_refsource_MISC

▼Authorized Data Publishers (ADP)

1. CVE Program Container

References

Hyperlink	Resource
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708	x_refsource_MISC x_transferred
https://cert-portal.siemens.com/productcert/pdf/ssa-932041.pdf	x_refsource_CONFIRM x_transferred
https://cert-portal.siemens.com/productcert/pdf/ssa-616199.pdf	x_refsource_CONFIRM x_transferred
https://cert-portal.siemens.com/productcert/pdf/ssa-433987.pdf	x_refsource_CONFIRM x_transferred
https://cert-portal.siemens.com/productcert/pdf/ssa-832947.pdf	x_refsource_CONFIRM x_transferred
https://cert-portal.siemens.com/productcert/pdf/ssa-166360.pdf	x_refsource_CONFIRM x_transferred
https://cert-portal.siemens.com/productcert/pdf/ssa-406175.pdf	x_refsource_CONFIRM x_transferred
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190529-01-windows-en	x_refsource_CONFIRM x_transferred
http://www.huawei.com/en/psirt/security-notices/huawei-sn-20190515-01-windows-en	x_refsource_CONFIRM x_transferred
http://packetstormsecurity.com/files/153133/Microsoft-Windows-Remote-Desktop-BlueKeep-Denial-Of-Service.html	x_refsource_MISC x_transferred
http://packetstormsecurity.com/files/153627/Microsoft-Windows-RDP-BlueKeep-Denial-Of-Service.html	x_refsource_MISC x_transferred
http://packetstormsecurity.com/files/154579/BlueKeep-RDP-Remote-Windows-Kernel-Use-After-Free.html	x_refsource_MISC x_transferred
http://packetstormsecurity.com/files/155389/Microsoft-Windows-7-x86-BlueKeep-RDP-Use-After-Free.html	x_refsource_MISC x_transferred
http://packetstormsecurity.com/files/162960/Microsoft-RDP-Remote-Code-Execution.html	x_refsource_MISC x_transferred

2. CISA ADP Vulnrichment

Problem Types

Type	CWE ID	Description
CWE	CWE-416	CWE-416 Use After Free

Metrics

Version	Base score	Base severity	Vector
3.1	9.8	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Metrics Other Info

kev

dateAdded:

2021-11-03

reference:

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-0708

Timeline

Event	Date
CVE-2019-0708 added to CISA KEV	2021-11-03 00:00:00

Affected Products

Affected

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References