CVE-2019-0708
Published: 16 May 2019
Summary
CVE-2019-0708 is a critical-severity Use After Free (CWE-416) vulnerability in Huawei Gtsoftx3000 Firmware. Its CVSS base score is 9.8 (Critical).
Operationally, ranked in the top 0.0% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-17 (Remote Access) and SC-7 (Boundary Protection).
Deeper analysis
CVE-2019-0708 is a remote code execution vulnerability in Remote Desktop Services, formerly known as Terminal Services, that stems from a use-after-free flaw (CWE-416). It affects systems accepting RDP connections and carries a CVSS 3.1 base score of 9.8 reflecting network-accessible, unauthenticated attack vectors with high impact on confidentiality, integrity, and availability.
An unauthenticated attacker can exploit the issue simply by establishing an RDP session to the target and transmitting specially crafted requests, enabling arbitrary code execution on the affected system without any user interaction or credentials.
Public exploit code for both denial-of-service and remote code execution variants has been published on Packet Storm, confirming that working proof-of-concept implementations targeting the vulnerability are available.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2019-1468
Vulnerability details
A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Remote Desktop Services Remote Code Execution Vulnerability'.
- CWE(s)
- KEV Date Added
- 03 November 2021
Related Threats
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly restricts and authorizes RDP-based remote access sessions, blocking the unauthenticated network vector used by CVE-2019-0708.
Enforces boundary protections that can deny external RDP traffic to systems not explicitly requiring Remote Desktop Services.
Requires timely application of vendor patches that eliminate the use-after-free flaw enabling unauthenticated RCE via RDP.