Vulnerability BDU:2019-01846 - Russian Vulnerability Scanner Database

Scores

EPSS

0.000none0.0%

0%20%40%60%80%100%

Percentile: 0.0%

CVSS

9.8critical3.x

0246810

CVSS Score: 9.8/10

All CVSS Scores

CVSS 3.x

9.8

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS 2.0

10.0

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Description

Уязвимость службы удаленного рабочего стола Remote Desktop Services (RDS) операционных систем Windows связана с ошибками обработки запросов. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо,выполнить произвольный код с помощью специально созданного RDP-запроса

Sources

bdumsrc

Related Vulnerabilities

CVE-2019-0708

Exploits

Exploit ID: BDU:2019-01846

Source: bdu_exploit

URL: https://bdu.fstec.ru/vul

Exploit ID: 46946

Source: exploitdb

URL: https://www.exploit-db.com/exploits/46946

Exploit ID: 47120

Source: exploitdb

URL: https://www.exploit-db.com/exploits/47120

Exploit ID: 47416

Source: exploitdb

URL: https://www.exploit-db.com/exploits/47416

Exploit ID: 47683

Source: exploitdb

URL: https://www.exploit-db.com/exploits/47683

Reference Links

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-0708

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708

https://nvd.nist.gov/vuln/detail/CVE-2019-0708

https://cert-portal.siemens.com/productcert/pdf/ssa-616199.pdf

https://cert-portal.siemens.com/productcert/pdf/ssa-832947.pdf

https://cert-portal.siemens.com/productcert/pdf/ssa-166360.pdf

https://doclib.healthcare.siemens.com/home

Recommendations

Source: bdu

Для ОС Windows использование рекомендаций:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708

Для Sensis SIS Server Machine, Mat. Nr. 06648153 VC11D, VC12M, VD11B, Sensis SIS Server Machine, Mat. Nr. 10140973 VC11D, VC12M, SENSIS Dell High-End Server (VC12), Mat. Nr. 10910620 VC12M и VM SIS Virtual Server, Mat. Nr. 10765502 VC12M до AX037/19/P
Для Sensis SIS Server Machine, Mat. Nr. 06648153 VC11C и Sensis SIS Server Machine, Mat. Nr. 10140973 VC11C, до VC11D для последующего обновления до AX037/19/P
Для Sensis SIS Server Machine, Mat. Nr. 06648153 VC12B/C, VC12L, Sensis SIS Server Machine, Mat. Nr. 10140973 VC1B/C, VC12L, SENSIS Dell High-End Server (VC12), Mat. Nr. 10910620 VC12B/C, VC12L и VM SIS Virtual Server, Mat. Nr. 10765502 VC12L до VC12M для последующего обновления до AX037/19/P
Для Sensis SIS Server Machine, Mat. Nr. 06648153 VD11A до VD11B для последующего обновления до AX037/19/P
Для Atellica COAG 360 использование рекомендаций:
https://doclib.healthcare.siemens.com/home
Для Atellica NEPH 630 использование рекомендаций:
https://doclib.healthcare.siemens.com/home
Для BCS XP использование рекомендаций:
https://doclib.healthcare.siemens.com/home
Для BN ProSpec использование рекомендаций:
https://doclib.healthcare.siemens.com/home

Для CS 2000, CS 2100, CS 2500, CS 5100 компенсирующие меры:
Блокировка порта 3389/TCP
Настроить процедуры резервного копирования и восстановления системы
Защитить внешнюю среду в соответствии с рекомендациями Microsoft

Для SYSTEM ACOM.NET, Mat. Nr. 04815549, System ACOM.net 2.0, Mat. Nr. 05568386 и System ACOM-Net, Mat. Nr. 5903872 VC20A, VC21B, VC22B, VX22A:
Отключить обновления протокола удаленного рабочего стола

URL: https://bdu.fstec.ru/vul/2019-01846

Vulnerable Software (350)

Type: Configuration

Vendor: intel corp.

Product: 3th generation intel core

Operating System: windows_7 service pack 1

Trait:

{  "version_exact": "*"}

Source: bdu

Type: Configuration

Vendor: intel corp.

Product: 3th generation intel core

Operating System: windows_server 2008 r2 service pack 1

Trait:

{  "version_exact": "*"}

Source: bdu

Type: Configuration

Vendor: intel corp.

Product: 3th generation intel core

Operating System: windows_server 2008 service pack 2

Trait:

{  "version_exact": "*"}

Source: bdu

Type: Configuration

Vendor: intel corp.

Product: 3th generation intel core

Operating System: windows_server 2008 service pack 2 (server core installation)

Trait:

{  "version_exact": "*"}

Source: bdu

Type: Configuration

Vendor: intel corp.

Product: 4th generation intel core

Operating System: windows_7 service pack 1

Trait:

{  "version_exact": "*"}

Source: bdu

Type: Configuration

Vendor: intel corp.

Product: 4th generation intel core

Operating System: windows_server 2008 r2 service pack 1

Trait:

{  "version_exact": "*"}

Source: bdu

Type: Configuration

Vendor: intel corp.

Product: 4th generation intel core

Operating System: windows_server 2008 service pack 2

Trait:

{  "version_exact": "*"}

Source: bdu

Type: Configuration

Vendor: intel corp.

Product: 4th generation intel core

Operating System: windows_server 2008 service pack 2 (server core installation)

Trait:

{  "version_exact": "*"}

Source: bdu

Type: Configuration

Vendor: intel corp.

Product: 5th generation intel core

Operating System: windows_7 service pack 1

Trait:

{  "version_exact": "*"}

Source: bdu

Type: Configuration

Vendor: intel corp.

Product: 5th generation intel core

Operating System: windows_server 2008 r2 service pack 1

Trait:

{  "version_exact": "*"}

Source: bdu

Type: Configuration

Vendor: intel corp.

Product: 5th generation intel core

Operating System: windows_server 2008 service pack 2

Trait:

{  "version_exact": "*"}

Source: bdu

Type: Configuration

Vendor: intel corp.

Product: 5th generation intel core

Operating System: windows_server 2008 service pack 2 (server core installation)

Trait:

{  "version_exact": "*"}

Source: bdu

Type: Configuration

Vendor: intel corp.

Product: 6th generation intel core

Operating System: windows_7 service pack 1

Trait:

{  "version_exact": "*"}

Source: bdu

Type: Configuration

Vendor: intel corp.

Product: 6th generation intel core

Operating System: windows_server 2008 r2 service pack 1

Trait:

{  "version_exact": "*"}

Source: bdu

Type: Configuration

Vendor: intel corp.

Product: 6th generation intel core

Operating System: windows_server 2008 service pack 2

Trait:

{  "version_exact": "*"}

Source: bdu

Type: Configuration

Vendor: intel corp.

Product: 6th generation intel core

Operating System: windows_server 2008 service pack 2 (server core installation)

Trait:

{  "version_exact": "*"}

Source: bdu

Type: Configuration

Vendor: intel corp.

Product: 8th generation intel core

Operating System: windows_7 service pack 1

Trait:

{  "version_exact": "*"}

Source: bdu

Type: Configuration

Vendor: intel corp.

Product: 8th generation intel core

Operating System: windows_server 2008 r2 service pack 1

Trait:

{  "version_exact": "*"}

Source: bdu

Type: Configuration

Vendor: intel corp.

Product: 8th generation intel core

Operating System: windows_server 2008 service pack 2

Trait:

{  "version_exact": "*"}

Source: bdu

Type: Configuration

Vendor: intel corp.

Product: 8th generation intel core

Operating System: windows_server 2008 service pack 2 (server core installation)

Trait:

{  "version_exact": "*"}

Source: bdu

Russian Vulnerability Scanner Database

BDU:2019-01846

Scores

EPSS

CVSS

All CVSS Scores

Vector Breakdown

CVSS

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact

Vector Breakdown

CVSS

Attack Vector

Attack Complexity

Authentication

Confidentiality Impact

Integrity Impact

Availability Impact

Description

Scaner-VS 7 — a modern vulnerability management solution

Sources

Related Vulnerabilities

Exploits

Reference Links

Recommendations

Vulnerable Software (350)