Authentication byass in Microsoft Windows RDP
| Risk | Low |
| Patch available | NO |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2019-9510 |
| CWE-ID | CWE-287 |
| Exploitation vector | Network |
| Public exploit | Public exploit code for vulnerability #1 is available. |
| Vulnerable software Subscribe |
Windows Server Operating systems & Components / Operating system Windows Operating systems & Components / Operating system |
| Vendor | Microsoft |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Improper Authentication
EUVDB-ID: #VU18684
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:U/RC:C]
CVE-ID: CVE-2019-9510
CWE-ID:
CWE-287 - Improper Authentication
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to a logical error in implementation of RDP Network Level Authentication (NLA) when authenticating users after interrupted network connection. Remote Desktop server allows users to automatically authenticate in case of network connectivity loss without providing access credentials. An attacker with access a machine that is being used as RDP client can interrupt connection between the client and remote RDP server, then reconnect to the server and gain access to a remote session that belongs to another workstation user.
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsWindows Server: 2019 - 2019 1903
Windows: 10 - 10 Gold
External linkshttp://www.kb.cert.org/vuls/id/576688/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
