Cyber Resilience

CVE-2019-0708

Critical · CISA KEV · Active Exploitation · EUVD Exploited · Public PoC · Ransomware-linked

Published: 16 May 2019

Modified: 29 October 2025
KEV Added: 03 November 2021
Patch
CVSS Score v3.1: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 1.0000 (100.0th percentile)
Risk Priority: 100 (floored blend · peak EPSS)

Summary

CVE-2019-0708 is a critical-severity Use After Free (CWE-416) vulnerability in Huawei Gtsoftx3000 Firmware. Its CVSS base score is 9.8 (Critical).

Operationally, it is ranked in the top 0.0% of CVEs by exploit likelihood, CISA has added it to the Known Exploited Vulnerabilities catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-17 (Remote Access) and SC-7 (Boundary Protection).

Deeper analysis

CVE-2019-0708 is a remote code execution vulnerability in Remote Desktop Services, formerly known as Terminal Services, that stems from a use-after-free flaw (CWE-416). It affects systems accepting RDP connections and carries a CVSS 3.1 base score of 9.8 reflecting network-accessible, unauthenticated attack vectors with high impact on confidentiality, integrity, and availability.

An unauthenticated attacker can exploit the issue simply by establishing an RDP session to the target and transmitting specially crafted requests, enabling arbitrary code execution on the affected system without any user interaction or credentials.

Public exploit code for both denial-of-service and remote code execution variants has been published on Packet Storm, confirming that working proof-of-concept implementations targeting the vulnerability are available.

EU & UK References

Vulnerability details

A remote code execution vulnerability exists in Remote Desktop Services, formerly known as Terminal Services, when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Remote Desktop Services Remote Code Execution Vulnerability'.

CWE(s)
KEV Date Added: 03 November 2021

Related Threats

CVEs Like This One

CVE-2025-24983 · Same product: Microsoft Windows Server 2008 · both on KEV
CVE-2025-62221 · Same vendor: Microsoft · both on KEV
CVE-2025-21335 · Same vendor: Microsoft · both on KEV
CVE-2025-21334 · Same vendor: Microsoft · both on KEV
CVE-2026-2441 · Same vendor: Microsoft · both on KEV
CVE-2026-5281 · Same vendor: Microsoft · both on KEV
CVE-2017-0144 · Same product: Microsoft Windows 7 · both on KEV
CVE-2025-43529 · Shared CWE-416 · both on KEV
CVE-2025-48543 · Shared CWE-416 · both on KEV
CVE-2025-24085 · Shared CWE-416 · both on KEV

Affected Assets

Vendor · Product · Versions
microsoft · windows 7 · all versions
microsoft · windows server 2008 · all versions, r2
siemens · axiom multix m firmware · all versions
siemens · axiom vertix md trauma firmware · all versions
siemens · axiom vertix solitaire m firmware · all versions
siemens · mobilett xp digital firmware · all versions
siemens · multix pro acss p firmware · all versions
siemens · multix pro p firmware · all versions
siemens · multix pro firmware · all versions
siemens · multix pro acss firmware · all versions
+57 more product configuration(s) — see NVD for full list

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent: Directly restricts and authorizes RDP-based remote access sessions, blocking the unauthenticated network vector used by CVE-2019-0708.

prevent: Enforces boundary protections that can deny external RDP traffic to systems not explicitly requiring Remote Desktop Services.

prevent: Requires timely application of vendor patches that eliminate the use-after-free flaw enabling unauthenticated RCE via RDP.

References