9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.375 Low
EPSS
Percentile
96.7%
A remote code execution vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
To exploit this vulnerability, an attacker would need to send a specially crafted request to the target systems RD Gateway via RDP.
The update addresses the vulnerability by correcting how RD Gateway handles connection requests.
(Description copy-pasted entirely from Microsoftโs CVE description)
Recent assessments:
todb-r7 at January 14, 2020 8:46pm UTC reported:
First, note that this vuln is in RDP Gateway, not RDP Server, and those are different things. RDGateway is less common than plain olโ RDP Server, but my guess is that it is designed to be deployed right smack on the internet, where we tend to advise people against deploying RDP Server on the internet (people do anyway, but thats-none-of-my-business.jpg).
Anyway, because itโs RD Gateway, the maintainers of such servers probably are already aware that they need to keep up on their patches in the same way a typical IIS administrator does, so Iโm not super worried about this bug โ but it all depends on timely patches. Getting root on an RD Gateway server would be super useful for all sorts of internet crime, and this is an ideal sort of vulnerability for just that โ pre-auth, on first connection.
busterb at February 24, 2020 4:00pm UTC reported:
First, note that this vuln is in RDP Gateway, not RDP Server, and those are different things. RDGateway is less common than plain olโ RDP Server, but my guess is that it is designed to be deployed right smack on the internet, where we tend to advise people against deploying RDP Server on the internet (people do anyway, but thats-none-of-my-business.jpg).
Anyway, because itโs RD Gateway, the maintainers of such servers probably are already aware that they need to keep up on their patches in the same way a typical IIS administrator does, so Iโm not super worried about this bug โ but it all depends on timely patches. Getting root on an RD Gateway server would be super useful for all sorts of internet crime, and this is an ideal sort of vulnerability for just that โ pre-auth, on first connection.
Assessed Attacker Value: 5
Assessed Attacker Value: 5Assessed Attacker Value: 4
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.375 Low
EPSS
Percentile
96.7%