Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for Windows 10 or newer system using RDP by Microsoft

    CVE-2019-9510 (GCVE-0-2019-9510)

    Vulnerability from nvd – Published: 2020-01-15 17:05 – Updated: 2024-09-17 04:00
    VLAI
    Title
    Microsoft Windows RDP can bypass the Windows lock screen
    Summary
    A vulnerability in Microsoft Windows 10 1803 and Windows Server 2019 and later systems can allow authenticated RDP-connected clients to gain access to user sessions without needing to interact with the Windows lock screen. Should a network anomaly trigger a temporary RDP disconnect, Automatic Reconnection of the RDP session will be restored to an unlocked state, regardless of how the remote system was left. By interrupting network connectivity of a system, an attacker with access to a system being used as a Windows RDP client can gain access to a connected remote system, regardless of whether or not the remote system was locked. This issue affects Microsoft Windows 10, version 1803 and later, and Microsoft Windows Server 2019, version 2019 and later.
    CWE
    Assigner
    Impacted products
    Date Public
    2019-06-04 00:00
    Credits
    Thanks to Joe Tammariello of the SEI for reporting this vulnerability.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T21:54:44.465Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "VU#576688",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "https://www.kb.cert.org/vuls/id/576688/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc732713%28v=ws.11%29"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rdpbcgr/e729948a-3f4e-4568-9aef-d355e30b5389"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://social.technet.microsoft.com/Forums/windowsserver/en-US/1fd171de-a1b5-4721-86bf-082e4a375049/rds-2019-but-probably-other-versions-as-well-locked-rdp-session-logs-in-after-session-reconnect"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Windows 10 or newer system using RDP",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10 *",
                  "status": "affected",
                  "version": "1803",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Windows Server",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "2019*",
                  "status": "affected",
                  "version": "2019",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Thanks to Joe Tammariello of the SEI for reporting this vulnerability."
            }
          ],
          "datePublic": "2019-06-04T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in Microsoft Windows 10 1803 and Windows Server 2019 and later systems can allow authenticated RDP-connected clients to gain access to user sessions without needing to interact with the Windows lock screen. Should a network anomaly trigger a temporary RDP disconnect, Automatic Reconnection of the RDP session will be restored to an unlocked state, regardless of how the remote system was left. By interrupting network connectivity of a system, an attacker with access to a system being used as a Windows RDP client can gain access to a connected remote system, regardless of whether or not the remote system was locked. This issue affects Microsoft Windows 10, version 1803 and later, and Microsoft Windows Server 2019, version 2019 and later."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-288",
                  "description": "CWE-288",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-01-15T17:05:27.000Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "name": "VU#576688",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "https://www.kb.cert.org/vuls/id/576688/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc732713%28v=ws.11%29"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rdpbcgr/e729948a-3f4e-4568-9aef-d355e30b5389"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://social.technet.microsoft.com/Forums/windowsserver/en-US/1fd171de-a1b5-4721-86bf-082e4a375049/rds-2019-but-probably-other-versions-as-well-locked-rdp-session-logs-in-after-session-reconnect"
            }
          ],
          "source": {
            "advisory": "VU#576688",
            "discovery": "UNKNOWN"
          },
          "title": "Microsoft Windows RDP can bypass the Windows lock screen",
          "workarounds": [
            {
              "lang": "en",
              "value": "Disable RDP automatic reconnection on RDP servers. Disconnect RDP sessions instead of locking them."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cert@cert.org",
              "DATE_PUBLIC": "2019-06-04T00:00:00.000Z",
              "ID": "CVE-2019-9510",
              "STATE": "PUBLIC",
              "TITLE": "Microsoft Windows RDP can bypass the Windows lock screen"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Windows 10 or newer system using RDP",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003e=",
                                "version_name": "10",
                                "version_value": "1803"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows Server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003e=",
                                "version_name": "2019",
                                "version_value": "2019"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Thanks to Joe Tammariello of the SEI for reporting this vulnerability."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability in Microsoft Windows 10 1803 and Windows Server 2019 and later systems can allow authenticated RDP-connected clients to gain access to user sessions without needing to interact with the Windows lock screen. Should a network anomaly trigger a temporary RDP disconnect, Automatic Reconnection of the RDP session will be restored to an unlocked state, regardless of how the remote system was left. By interrupting network connectivity of a system, an attacker with access to a system being used as a Windows RDP client can gain access to a connected remote system, regardless of whether or not the remote system was locked. This issue affects Microsoft Windows 10, version 1803 and later, and Microsoft Windows Server 2019, version 2019 and later."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-288"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "VU#576688",
                  "refsource": "CERT-VN",
                  "url": "https://www.kb.cert.org/vuls/id/576688/"
                },
                {
                  "name": "https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc732713(v=ws.11)",
                  "refsource": "MISC",
                  "url": "https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc732713(v=ws.11)"
                },
                {
                  "name": "https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rdpbcgr/e729948a-3f4e-4568-9aef-d355e30b5389",
                  "refsource": "MISC",
                  "url": "https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rdpbcgr/e729948a-3f4e-4568-9aef-d355e30b5389"
                },
                {
                  "name": "https://social.technet.microsoft.com/Forums/windowsserver/en-US/1fd171de-a1b5-4721-86bf-082e4a375049/rds-2019-but-probably-other-versions-as-well-locked-rdp-session-logs-in-after-session-reconnect",
                  "refsource": "MISC",
                  "url": "https://social.technet.microsoft.com/Forums/windowsserver/en-US/1fd171de-a1b5-4721-86bf-082e4a375049/rds-2019-but-probably-other-versions-as-well-locked-rdp-session-logs-in-after-session-reconnect"
                }
              ]
            },
            "source": {
              "advisory": "VU#576688",
              "discovery": "UNKNOWN"
            },
            "work_around": [
              {
                "lang": "en",
                "value": "Disable RDP automatic reconnection on RDP servers. Disconnect RDP sessions instead of locking them."
              }
            ]
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2019-9510",
        "datePublished": "2020-01-15T17:05:27.546Z",
        "dateReserved": "2019-03-01T00:00:00.000Z",
        "dateUpdated": "2024-09-17T04:00:12.025Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-9510 (GCVE-0-2019-9510)

    Vulnerability from cvelistv5 – Published: 2020-01-15 17:05 – Updated: 2024-09-17 04:00
    VLAI
    Title
    Microsoft Windows RDP can bypass the Windows lock screen
    Summary
    A vulnerability in Microsoft Windows 10 1803 and Windows Server 2019 and later systems can allow authenticated RDP-connected clients to gain access to user sessions without needing to interact with the Windows lock screen. Should a network anomaly trigger a temporary RDP disconnect, Automatic Reconnection of the RDP session will be restored to an unlocked state, regardless of how the remote system was left. By interrupting network connectivity of a system, an attacker with access to a system being used as a Windows RDP client can gain access to a connected remote system, regardless of whether or not the remote system was locked. This issue affects Microsoft Windows 10, version 1803 and later, and Microsoft Windows Server 2019, version 2019 and later.
    CWE
    Assigner
    Impacted products
    Date Public
    2019-06-04 00:00
    Credits
    Thanks to Joe Tammariello of the SEI for reporting this vulnerability.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T21:54:44.465Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "VU#576688",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "https://www.kb.cert.org/vuls/id/576688/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc732713%28v=ws.11%29"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rdpbcgr/e729948a-3f4e-4568-9aef-d355e30b5389"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://social.technet.microsoft.com/Forums/windowsserver/en-US/1fd171de-a1b5-4721-86bf-082e4a375049/rds-2019-but-probably-other-versions-as-well-locked-rdp-session-logs-in-after-session-reconnect"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Windows 10 or newer system using RDP",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10 *",
                  "status": "affected",
                  "version": "1803",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Windows Server",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "2019*",
                  "status": "affected",
                  "version": "2019",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Thanks to Joe Tammariello of the SEI for reporting this vulnerability."
            }
          ],
          "datePublic": "2019-06-04T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in Microsoft Windows 10 1803 and Windows Server 2019 and later systems can allow authenticated RDP-connected clients to gain access to user sessions without needing to interact with the Windows lock screen. Should a network anomaly trigger a temporary RDP disconnect, Automatic Reconnection of the RDP session will be restored to an unlocked state, regardless of how the remote system was left. By interrupting network connectivity of a system, an attacker with access to a system being used as a Windows RDP client can gain access to a connected remote system, regardless of whether or not the remote system was locked. This issue affects Microsoft Windows 10, version 1803 and later, and Microsoft Windows Server 2019, version 2019 and later."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-288",
                  "description": "CWE-288",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-01-15T17:05:27.000Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "name": "VU#576688",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "https://www.kb.cert.org/vuls/id/576688/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc732713%28v=ws.11%29"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rdpbcgr/e729948a-3f4e-4568-9aef-d355e30b5389"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://social.technet.microsoft.com/Forums/windowsserver/en-US/1fd171de-a1b5-4721-86bf-082e4a375049/rds-2019-but-probably-other-versions-as-well-locked-rdp-session-logs-in-after-session-reconnect"
            }
          ],
          "source": {
            "advisory": "VU#576688",
            "discovery": "UNKNOWN"
          },
          "title": "Microsoft Windows RDP can bypass the Windows lock screen",
          "workarounds": [
            {
              "lang": "en",
              "value": "Disable RDP automatic reconnection on RDP servers. Disconnect RDP sessions instead of locking them."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cert@cert.org",
              "DATE_PUBLIC": "2019-06-04T00:00:00.000Z",
              "ID": "CVE-2019-9510",
              "STATE": "PUBLIC",
              "TITLE": "Microsoft Windows RDP can bypass the Windows lock screen"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Windows 10 or newer system using RDP",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003e=",
                                "version_name": "10",
                                "version_value": "1803"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Windows Server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003e=",
                                "version_name": "2019",
                                "version_value": "2019"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Thanks to Joe Tammariello of the SEI for reporting this vulnerability."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability in Microsoft Windows 10 1803 and Windows Server 2019 and later systems can allow authenticated RDP-connected clients to gain access to user sessions without needing to interact with the Windows lock screen. Should a network anomaly trigger a temporary RDP disconnect, Automatic Reconnection of the RDP session will be restored to an unlocked state, regardless of how the remote system was left. By interrupting network connectivity of a system, an attacker with access to a system being used as a Windows RDP client can gain access to a connected remote system, regardless of whether or not the remote system was locked. This issue affects Microsoft Windows 10, version 1803 and later, and Microsoft Windows Server 2019, version 2019 and later."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-288"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "VU#576688",
                  "refsource": "CERT-VN",
                  "url": "https://www.kb.cert.org/vuls/id/576688/"
                },
                {
                  "name": "https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc732713(v=ws.11)",
                  "refsource": "MISC",
                  "url": "https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc732713(v=ws.11)"
                },
                {
                  "name": "https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rdpbcgr/e729948a-3f4e-4568-9aef-d355e30b5389",
                  "refsource": "MISC",
                  "url": "https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rdpbcgr/e729948a-3f4e-4568-9aef-d355e30b5389"
                },
                {
                  "name": "https://social.technet.microsoft.com/Forums/windowsserver/en-US/1fd171de-a1b5-4721-86bf-082e4a375049/rds-2019-but-probably-other-versions-as-well-locked-rdp-session-logs-in-after-session-reconnect",
                  "refsource": "MISC",
                  "url": "https://social.technet.microsoft.com/Forums/windowsserver/en-US/1fd171de-a1b5-4721-86bf-082e4a375049/rds-2019-but-probably-other-versions-as-well-locked-rdp-session-logs-in-after-session-reconnect"
                }
              ]
            },
            "source": {
              "advisory": "VU#576688",
              "discovery": "UNKNOWN"
            },
            "work_around": [
              {
                "lang": "en",
                "value": "Disable RDP automatic reconnection on RDP servers. Disconnect RDP sessions instead of locking them."
              }
            ]
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2019-9510",
        "datePublished": "2020-01-15T17:05:27.546Z",
        "dateReserved": "2019-03-01T00:00:00.000Z",
        "dateUpdated": "2024-09-17T04:00:12.025Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }