CVE-2019-0708 | VulnIntel — VulnIntel

CVE-2019-0708

CRITICAL

KEV

KISA

Ransomware

설명

A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Remote Desktop Services Remote Code Execution Vulnerability'.

Score Summary

CVSS Score: 9.8
Version: 3.1
Risk Score: 9.90
Attack Vector: 네트워크 공격
낮은 복잡도
권한 불필요
사용자 상호작용 불필요
범위 변경 없음
기밀성 영향 높음
무결성 영향 높음
가용성 영향 높음

Details

Published: 05/16/2019(7 years ago)
Modified: 10/29/2025(7 months ago)
Source: KEV, NVD, KISA
Products: 131

CISA KEV Listing

Ransomware

Vendor / Project: Microsoft
Product: Remote Desktop Services

Date Added: 11/03/2021
Due Date: 05/03/2022Overdue 1476d

Required Action

Apply updates per vendor instructions.

Listed in KISA bulletin

This CVE is referenced in a KISA security bulletin (Korean only).

Bulletin ID: 35609
Published: 2020-09-10

Vulnerability Lifecycle

KISAKISA Listed05/14/2019
NVDPublished05/16/2019
CISA KEV

Score Comparison by Source

Source	CVSS Version	Base Score	Severity	Vector String	Assessment Date
NVDNIST	3.1	9.8	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	04/20/2026
NVDNIST	2.0	10.0

CWE Weakness Classification

CWE-416
NVD
Secondary

References (19)

Affected Products (131)