5 results (0.016 seconds)

CVSS: 10.0EPSS: 97%CPEs: 139EXPL: 43

A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Remote Desktop Services Remote Code Execution Vulnerability'. Existe una vulnerabilidad de ejecución remota de código en Remote Desktop Services, anteriormente conocido como Terminal Services, cuando un atacante no autenticado se conecta al sistema de destino mediante RDP y envía peticiones especialmente diseñadas, conocida como 'Remote Desktop Services Remote Code Execution Vulnerability'. The RDP termdd.sys driver improperly handles binds to internal-only channel MS_T120, allowing a malformed Disconnect Provider Indication message to cause a use-after-free. With a controllable data/size remote nonpaged pool spray, an indirect call gadget of the freed channel is used to achieve arbitrary code execution. Microsoft Remote Desktop Services, formerly known as Terminal Service, contains an unspecified vulnerability that allows an unauthenticated attacker to connect to the target system using RDP and send specially crafted requests. • https://www.exploit-db.com/exploits/47120 https://www.exploit-db.com/exploits/46946 https://www.exploit-db.com/exploits/47416 https://www.exploit-db.com/exploits/47683 https://github.com/k8gege/CVE-2019-0708 https://github.com/n1xbyte/CVE-2019-0708 https://github.com/victor0013/CVE-2019-0708 https://github.com/cbwang505/CVE-2019-0708-EXP-Windows https://github.com/Leoid/CVE-2019-0708 https://github.com/p0p0p0/CVE-2019-0708-exploit https://github.com/worawit • CWE-416: Use After Free •

CVSS: 9.8EPSS: 0%CPEs: 12EXPL: 0

Huawei XH620 V3, XH622 V3, and XH628 V3 servers with software before V100R003C00SPC610, RH1288 V3 servers with software before V100R003C00SPC613, RH2288 V3 servers with software before V100R003C00SPC617, and RH2288H V3 servers with software before V100R003C00SPC515 allow remote attackers to obtain passwords via a brute-force attack, related to "lack of authentication protection mechanisms." Servidores Huawei XH620 V3, XH622 V3 y XH628 V3 con software en versiones anteriores a V100R03C00SPC610, servidores RH1288 V3 con software en versiones anteriores a V100R003C00SPC613, servidores RH2288 V3 con software en versiones anteriores a V100R003C00SPC617 y servidores RH2288H V3 con software en versiones anteriores a V100R003C00SPC515 permite a atacantes remotos obtener contraseñas a través de un ataque de fuerza bruta, relacionado con "la falta de mecanismos de protección de autenticación". • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160817-01-server-en http://www.securityfocus.com/bid/92504 • CWE-285: Improper Authorization •

CVSS: 7.5EPSS: 0%CPEs: 18EXPL: 0

Huawei X6800 and XH620 V3 servers with software before V100R003C00SPC606, RH1288 V3 servers with software before V100R003C00SPC613, RH2288 V3 servers with software before V100R003C00SPC617, CH140 V3 and CH226 V3 servers with software before V100R001C00SPC122, CH220 V3 servers with software before V100R001C00SPC201, and CH121 V3 and CH222 V3 servers with software before V100R001C00SPC202 might allow remote attackers to decrypt encrypted data and consequently obtain sensitive information by leveraging selection of an insecure SSH encryption algorithm. Servidores Huawei X6800 y XH620 V3 con software en versiones anteriores a V100R003C00SPC606, servidores RH1288 V3 con software en versiones anteriores a V100R003C00SPC613, servidores RH2288 V3 con software en versiones anteriores a V100R003C00SPC617, CH140 V3 y servidores CH226 V3 con software en versiones anteriores a V100R001C00SPC122, servidores CH220 V3 con software en versiones anteriores a V100R001C00SPC201 y CH121 V3 y servidores CH222 V3 con software en versiones anteriores a V100R001C00SPC202 podría permitir a atacantes remotos desencripar datos encriptados y, consecuentemente, obtener información sensible mediante el aprovechamiento de la selección de un algoritmo de encriptación SSH inseguro. • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160817-02-server-en http://www.securityfocus.com/bid/92503 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-310: Cryptographic Issues •

CVSS: 5.5EPSS: 0%CPEs: 14EXPL: 0

The Intelligent Baseboard Management Controller (iBMC) in Huawei RH1288 V3 servers with software before V100R003C00SPC613; RH2288 V3 servers with software before V100R003C00SPC617; RH2288H V3 servers with software before V100R003C00SPC515; RH5885 V3 servers with software before V100R003C10SPC102; and XH620 V3, XH622 V3, and XH628 V3 servers with software before V100R003C00SPC610 allows local users to cause a denial of service (iBMC resource consumption) via unspecified vectors. Intelligent Baseboard Management Controller (iBMC) en servidores Huawei RH1288 V3 con software anterior a V100R003C00SPC613; servidores RH2288 V3 con software anterior a V100R003C00SPC617; servidores RH2288H V3 con software anterior a V100R003C00SPC515; servidores RH5885 V3 con software anterior a V100R003C10SPC102 XH620 V3, XH622 V3 y servidores XH628 V3 con software anterior a V100R003C00SPC610 permite a usuarios locales provocar una denegación de servicio (recurso de consumo iBMC) a través de vectores no especificados. • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160824-01-server-en • CWE-399: Resource Management Errors •

CVSS: 7.5EPSS: 0%CPEs: 14EXPL: 0

The Intelligent Baseboard Management Controller (iBMC) in Huawei RH1288 V3 servers with software before V100R003C00SPC613, RH2288 V3 servers with software before V100R003C00SPC617, RH2288H V3 servers with software before V100R003C00SPC515, RH5885 V3 servers with software before V100R003C10SPC102, and XH620 V3, XH622 V3, and XH628 V3 servers with software before V100R003C00SPC610 might allow remote attackers to decrypt encrypted data and consequently obtain sensitive information by leveraging selection of an insecure SSL encryption algorithm. Intelligent Baseboard Management Controller (iBMC) en servidores Huawei RH1288 V3 con software anterior a V100R003C00SPC613, servidores RH2288 V3 con software anterior a V100R003C00SPC617, servidores RH2288H V3 con software anterior a V100R003C00SPC515, servidores RH5885 V3 con software anterior a V100R003C10SPC102 y XH620 V3, XH622 V3 y servidores XH628 V3 con software anterior a V100R003C00SPC610 podría permitir a atacantes remotos descepcriptar datos encriptados y consecuentemente obtener información sensible, mediante el aprovechamiento de la selección de un cifrado de algoritmo inseguro SSL. • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160824-02-server-en http://www.securityfocus.com/bid/92623 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-310: Cryptographic Issues •