CRITICAL🚩 CISA KEV⚡ EXPLOIT✓ PATCH🇵🇱 Wersja polska

CVE-2019-0708

CVSS 9.8v3.1pub. 2019-05-16upd. 2025-10-29

A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Remote Desktop Services Remote Code Execution Vulnerability'.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Huawei Agile Controller Campus

    HW
    Huawei
    wszystkie wersje
  • Huawei Agile Controller Campus Firmware

    OS
    Huawei
    v100r002c00v100r002c10
  • Huawei Bh620 V2

    HW
    Huawei
    wszystkie wersje
  • Huawei Bh620 V2 Firmware

    OS
    Huawei
    v100r002c00
  • Huawei Bh621 V2

    HW
    Huawei
    wszystkie wersje
  • Huawei Bh621 V2 Firmware

    OS
    Huawei
    v100r002c00
  • Huawei Bh622 V2

    HW
    Huawei
    wszystkie wersje
  • Huawei Bh622 V2 Firmware

    OS
    Huawei
    v100r001c00
  • Huawei Bh640 V2

    HW
    Huawei
    wszystkie wersje
  • Huawei Bh640 V2 Firmware

    OS
    Huawei
    v100r002c00
  • Huawei Ch121

    HW
    Huawei
    wszystkie wersje
  • Huawei Ch121 Firmware

    OS
    Huawei
    v100r001c00
  • Huawei Ch140

    HW
    Huawei
    wszystkie wersje
  • Huawei Ch140 Firmware

    OS
    Huawei
    v100r001c00
  • Huawei Ch220

    HW
    Huawei
    wszystkie wersje
  • Huawei Ch220 Firmware

    OS
    Huawei
    v100r001c00
  • Huawei Ch221

    HW
    Huawei
    wszystkie wersje
  • Huawei Ch221 Firmware

    OS
    Huawei
    v100r001c00
  • Huawei Ch222

    HW
    Huawei
    wszystkie wersje
  • Huawei Ch222 Firmware

    OS
    Huawei
    v100r002c00
  • Huawei Ch240

    HW
    Huawei
    wszystkie wersje
  • Huawei Ch240 Firmware

    OS
    Huawei
    v100r001c00
  • Huawei Ch242

    HW
    Huawei
    wszystkie wersje
  • Huawei Ch242 Firmware

    OS
    Huawei
    v100r001c00
  • Huawei Ch242 V3

    HW
    Huawei
    wszystkie wersje
  • Huawei Ch242 V3 Firmware

    OS
    Huawei
    v100r001c00
  • Huawei E6000

    HW
    Huawei
    wszystkie wersje
  • Huawei E6000 Chassis

    HW
    Huawei
    wszystkie wersje
  • Huawei E6000 Chassis Firmware

    OS
    Huawei
    v100r001c00
  • Huawei E6000 Firmware

    OS
    Huawei
    v100r002c00

CISA KEV — detailsi

Vendori
Microsoft
Producti
Remote Desktop Services
Added to KEVi
November 3, 2021
Remediation deadline (US Federal)i
May 3, 2022(overdue)
Ransomwarei
Active ransomware campaigns exploit this vulnerability
Required action (CISA)i

Apply updates per vendor instructions.

CISA descriptioni

Microsoft Remote Desktop Services, formerly known as Terminal Service, contains an unspecified vulnerability that allows an unauthenticated attacker to connect to the target system using RDP and send specially crafted requests. Successful exploitation allows for remote code execution. The vulnerability is also known under the moniker of BlueKeep.

🔴
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
☠️WYKORZYSTYWANE W RANSOMWARECISA DEADLINE: 3 maja 2022
Tags
RCEAuth BypassMemory
CWE
References

Related vulnerabilities

CVE-2020-1350CRITICAL10.0⚠ KEVten sam produkt

A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly ...

CVE-2020-1040CRITICAL9.0⚠ KEVten sam produkt

A remote code execution vulnerability exists when Hyper-V RemoteFX vGPU on a host server fails to properly val...

CVE-2020-0646CRITICAL9.8⚠ KEVten sam produkt

A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properl...

CVE-2017-8543CRITICAL9.8⚠ KEVten sam produkt

Microsoft Windows XP SP3, Windows XP x64 XP2, Windows Server 2003 SP2, Windows Vista, Windows 7 SP1, Windows S...

CVE-2015-1635CRITICAL9.8⚠ KEVten sam produkt

HTTP.sys in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, and Windows Server 20...