CVE-2019-0708

Published: May 16, 2019Modified: Oct 29, 2025CISA KEV

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Remote Desktop Services Remote Code Execution Vulnerability'.

Affected (75)

Products: Microsoft: Windows 7, Windows Server 2008 · Siemens: Axiom Multix M Firmware, Axiom Vertix Md Trauma Firmware, Axiom Vertix Solitaire M Firmware, Mobilett Xp Digital Firmware, Multix Pro Acss P Firmware, Multix Pro P Firmware, Multix Pro Firmware, Multix Pro Acss Firmware, Multix Pro Navy Firmware, Multix Swing Firmware, Multix Top Firmware, Multix Top Acss Firmware, Multix Top P Firmware, Multix Top Acss P Firmware, Vertix Solitaire Firmware, Atellica Solution Firmware, Aptio Firmware, Streamlab Firmware, Centralink Firmware, Viva E Firmware, Viva Twin Firmware, Syngo Lab Process Manager, Rapidpoint 500 Firmware, Lantis Firmware · Huawei: Agile Controller Campus Firmware, Bh620 V2 Firmware, Bh621 V2 Firmware, Bh622 V2 Firmware, Bh640 V2 Firmware, Ch121 Firmware, Ch140 Firmware, Ch220 Firmware, Ch221 Firmware, Ch222 Firmware, Ch240 Firmware, Ch242 Firmware, Ch242 V3 Firmware, E6000 Firmware, E6000 Chassis Firmware, Gtsoftx3000 Firmware, Oceanstor 18500 Firmware, Oceanstor 18800 Firmware, Oceanstor 18800f Firmware, Oceanstor Hvs85t Firmware, Oceanstor Hvs88t Firmware, Rh1288 V2 Firmware, Rh1288a V2 Firmware, Rh2265 V2 Firmware, Rh2268 V2 Firmware, Rh2285 V2 Firmware, Rh2285h V2 Firmware, Rh2288 V2 Firmware, Rh2288a V2 Firmware, Rh2288e V2 Firmware, Rh2288h V2 Firmware, Rh2485 V2 Firmware, Rh5885 V2 Firmware, Rh5885 V3 Firmware, Smc2.0 Firmware, Seco Vsm Firmware, Uma Firmware, X6000 Firmware, X8000 Firmware, Elog Firmware, Espace Ecs Firmware

2 products

24 products

Axiom Multix M Firmware

Axiom Vertix Md Trauma Firmware

Axiom Vertix Solitaire M Firmware

Mobilett Xp Digital Firmware

Multix Pro Acss P Firmware

Multix Pro P Firmware

Multix Pro Firmware

Multix Pro Acss Firmware

Multix Pro Navy Firmware

Multix Swing Firmware

Multix Top Firmware

Multix Top Acss Firmware

Multix Top P Firmware

Multix Top Acss P Firmware

Vertix Solitaire Firmware

Atellica Solution Firmware

Syngo Lab Process Manager

Rapidpoint 500 Firmware

Lantis Firmware

Huawei

41 products

Agile Controller Campus Firmware

E6000 Chassis Firmware

Gtsoftx3000 Firmware

Oceanstor 18500 Firmware

Oceanstor 18800 Firmware

Oceanstor 18800f Firmware

Oceanstor Hvs85t Firmware

Oceanstor Hvs88t Firmware

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Microsoft Windows 7	All versions
Microsoft Windows Server 2008	All versions
Microsoft Windows Server 2008	Version r2 sp1

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Axiom Multix M Firmware	All versions

Running on/with	Platform Versions
Siemens Axiom Multix M	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Axiom Vertix Md Trauma Firmware	All versions

Running on/with	Platform Versions
Siemens Axiom Vertix Md Trauma	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Axiom Vertix Solitaire M Firmware	All versions

Running on/with	Platform Versions
Siemens Axiom Vertix Solitaire M	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Mobilett Xp Digital Firmware	All versions

Running on/with	Platform Versions
Siemens Mobilett Xp Digital	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Multix Pro Acss P Firmware	All versions

Running on/with	Platform Versions
Siemens Multix Pro Acss P	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Multix Pro P Firmware	All versions

Running on/with	Platform Versions
Siemens Multix Pro P	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Multix Pro Firmware	All versions

Running on/with	Platform Versions
Siemens Multix Pro	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Multix Pro Acss Firmware	All versions

Running on/with	Platform Versions
Siemens Multix Pro Acss	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Multix Pro Navy Firmware	All versions

Running on/with	Platform Versions
Siemens Multix Pro Navy	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Multix Swing Firmware	All versions

Running on/with	Platform Versions
Siemens Multix Swing	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Multix Top Firmware	All versions

Running on/with	Platform Versions
Siemens Multix Top	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Multix Top Acss Firmware	All versions

Running on/with	Platform Versions
Siemens Multix Top Acss	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Multix Top P Firmware	All versions

Running on/with	Platform Versions
Siemens Multix Top P	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Multix Top Acss P Firmware	All versions

Running on/with	Platform Versions
Siemens Multix Top Acss P	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Vertix Solitaire Firmware	All versions

Running on/with	Platform Versions
Siemens Vertix Solitaire	All versions

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Atellica Solution Firmware	All versions

Running on/with	Platform Versions
Siemens Atellica Solution	All versions

Configuration R

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Aptio Firmware	All versions

Running on/with	Platform Versions
Siemens Aptio	All versions

Configuration S

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Streamlab Firmware	All versions

Running on/with	Platform Versions
Siemens Streamlab	All versions

Configuration T

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Centralink Firmware	All versions

Running on/with	Platform Versions
Siemens Centralink	All versions

Configuration U

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Viva E Firmware	All versions

Running on/with	Platform Versions
Siemens Viva E	All versions

Configuration V

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Viva Twin Firmware	All versions

Running on/with	Platform Versions
Siemens Viva Twin	All versions

Configuration W

1 vulnerable

Vulnerable Software	Affected Versions
Siemens Syngo Lab Process Manager	All versions

Configuration X

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Rapidpoint 500 Firmware	Up to 2.3.2

Running on/with	Platform Versions
Siemens Rapidpoint 500	All versions

Configuration Y

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Lantis Firmware	All versions

Running on/with	Platform Versions
Siemens Lantis	All versions

Configuration Z

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Agile Controller Campus Firmware	Version v100r002c00
Huawei Agile Controller Campus Firmware	Version v100r002c10

Running on/with	Platform Versions
Huawei Agile Controller Campus	All versions

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Bh620 V2 Firmware	Version v100r002c00

Running on/with	Platform Versions
Huawei Bh620 V2	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Bh621 V2 Firmware	Version v100r002c00

Running on/with	Platform Versions
Huawei Bh621 V2	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Bh622 V2 Firmware	Version v100r001c00

Running on/with	Platform Versions
Huawei Bh622 V2	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Bh640 V2 Firmware	Version v100r002c00

Running on/with	Platform Versions
Huawei Bh640 V2	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Ch121 Firmware	Version v100r001c00

Running on/with	Platform Versions
Huawei Ch121	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Ch140 Firmware	Version v100r001c00

Running on/with	Platform Versions
Huawei Ch140	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Ch220 Firmware	Version v100r001c00

Running on/with	Platform Versions
Huawei Ch220	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Ch221 Firmware	Version v100r001c00

Running on/with	Platform Versions
Huawei Ch221	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Ch222 Firmware	Version v100r002c00

Running on/with	Platform Versions
Huawei Ch222	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Ch240 Firmware	Version v100r001c00

Running on/with	Platform Versions
Huawei Ch240	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Ch242 Firmware	Version v100r001c00

Running on/with	Platform Versions
Huawei Ch242	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Ch242 V3 Firmware	Version v100r001c00

Running on/with	Platform Versions
Huawei Ch242 V3	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei E6000 Firmware	Version v100r002c00

Running on/with	Platform Versions
Huawei E6000	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei E6000 Chassis Firmware	Version v100r001c00

Running on/with	Platform Versions
Huawei E6000 Chassis	All versions

Configuration O

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Gtsoftx3000 Firmware	Version v200r001c01spc100
Huawei Gtsoftx3000 Firmware	Version v200r002c00spc300
Huawei Gtsoftx3000 Firmware	Version v200r002c10spc100

Running on/with	Platform Versions
Huawei Gtsoftx3000	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Oceanstor 18500 Firmware	Version v100r001c30spc300

Running on/with	Platform Versions
Huawei Oceanstor 18500	All versions

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Oceanstor 18800 Firmware	Version v100r001c30spc300

Running on/with	Platform Versions
Huawei Oceanstor 18800	All versions

Configuration R

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Oceanstor 18800f Firmware	Version v100r001c30spc300

Running on/with	Platform Versions
Huawei Oceanstor 18800f	All versions

Configuration S

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Oceanstor Hvs85t Firmware	Version v100r001c00
Huawei Oceanstor Hvs85t Firmware	Version v100r001c30spc200

Running on/with	Platform Versions
Huawei Oceanstor Hvs85t	All versions

Configuration T

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Oceanstor Hvs88t Firmware	Version v100r001c00
Huawei Oceanstor Hvs88t Firmware	Version v100r001c30spc200

Running on/with	Platform Versions
Huawei Oceanstor Hvs88t	All versions

Configuration U

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Rh1288 V2 Firmware	Version v100r002c00

Running on/with	Platform Versions
Huawei Rh1288 V2	All versions

Configuration V

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Rh1288a V2 Firmware	Version v100r002c00

Running on/with	Platform Versions
Huawei Rh1288a V2	All versions

Configuration W

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Rh2265 V2 Firmware	Version v100r002c00

Running on/with	Platform Versions
Huawei Rh2265 V2	All versions

Configuration X

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Rh2268 V2 Firmware	Version v100r002c00

Running on/with	Platform Versions
Huawei Rh2268 V2	All versions

Configuration Y

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Rh2285 V2 Firmware	Version v100r002c00

Running on/with	Platform Versions
Huawei Rh2285 V2	All versions

Configuration Z

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Rh2285h V2 Firmware	Version v100r002c00

Running on/with	Platform Versions
Huawei Rh2285h V2	All versions

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Rh2288 V2 Firmware	Version v100r002c00

Running on/with	Platform Versions
Huawei Rh2288 V2	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Rh2288a V2 Firmware	Version v100r002c00

Running on/with	Platform Versions
Huawei Rh2288a V2	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Rh2288e V2 Firmware	Version v100r002c00

Running on/with	Platform Versions
Huawei Rh2288e V2	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Rh2288h V2 Firmware	Version v100r002c00

Running on/with	Platform Versions
Huawei Rh2288h V2	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Rh2485 V2 Firmware	Version v100r002c00

Running on/with	Platform Versions
Huawei Rh2485 V2	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Rh5885 V2 Firmware	Version v100r001c00

Running on/with	Platform Versions
Huawei Rh5885 V2	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Rh5885 V3 Firmware	Version v100r003c00

Running on/with	Platform Versions
Huawei Rh5885 V3	All versions

Configuration H

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Smc2.0 Firmware	Version v500r002c00
Huawei Smc2.0 Firmware	Version v600r006c00

Running on/with	Platform Versions
Huawei Smc2.0	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Seco Vsm Firmware	Version v200r002c00

Running on/with	Platform Versions
Huawei Seco Vsm	All versions

Configuration J

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Uma Firmware	Version v200r001c00
Huawei Uma Firmware	Version v300r001c00

Running on/with	Platform Versions
Huawei Uma	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei X6000 Firmware	Version v100r002c00

Running on/with	Platform Versions
Huawei X6000	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei X8000 Firmware	Version v100r002c20

Running on/with	Platform Versions
Huawei X8000	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Elog Firmware	Version v200r003c10

Running on/with	Platform Versions
Huawei Elog	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Espace Ecs Firmware	Version v300r001c00

Running on/with	Platform Versions
Huawei Espace Ecs	All versions

Related CWEs

CWE-416

Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

References (29)

http://packetstormsecurity.com/files/153133/Microsoft-Windows-Remote-Desktop-BlueKeep-Denial-Of-Service.html

Source: secure@microsoft.com

ExploitThird Party AdvisoryVDB Entry

http://packetstormsecurity.com/files/153627/Microsoft-Windows-RDP-BlueKeep-Denial-Of-Service.html

Source: secure@microsoft.com

ExploitThird Party AdvisoryVDB Entry

http://packetstormsecurity.com/files/154579/BlueKeep-RDP-Remote-Windows-Kernel-Use-After-Free.html

Source: secure@microsoft.com

ExploitThird Party AdvisoryVDB Entry

http://packetstormsecurity.com/files/155389/Microsoft-Windows-7-x86-BlueKeep-RDP-Use-After-Free.html

Source: secure@microsoft.com

Third Party AdvisoryVDB Entry

http://packetstormsecurity.com/files/162960/Microsoft-RDP-Remote-Code-Execution.html

Source: secure@microsoft.com

ExploitThird Party AdvisoryVDB Entry

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190529-01-windows-en

Source: secure@microsoft.com

Third Party Advisory

http://www.huawei.com/en/psirt/security-notices/huawei-sn-20190515-01-windows-en

Source: secure@microsoft.com

Third Party Advisory

https://cert-portal.siemens.com/productcert/pdf/ssa-166360.pdf

Source: secure@microsoft.com

Third Party Advisory

https://cert-portal.siemens.com/productcert/pdf/ssa-406175.pdf

Source: secure@microsoft.com

Third Party Advisory

https://cert-portal.siemens.com/productcert/pdf/ssa-433987.pdf

Source: secure@microsoft.com

Third Party Advisory

https://cert-portal.siemens.com/productcert/pdf/ssa-616199.pdf

Source: secure@microsoft.com

Third Party Advisory

https://cert-portal.siemens.com/productcert/pdf/ssa-832947.pdf

Source: secure@microsoft.com

Third Party Advisory

https://cert-portal.siemens.com/productcert/pdf/ssa-932041.pdf

Source: secure@microsoft.com

Third Party Advisory

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708

Source: secure@microsoft.com

PatchVendor Advisory

http://packetstormsecurity.com/files/153133/Microsoft-Windows-Remote-Desktop-BlueKeep-Denial-Of-Service.html