#VU18684 Improper Authentication in Windows Server and Windows - CVE-2019-9510
Published: June 5, 2019
Vulnerability identifier: #VU18684
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/U:Clear
CVE-ID: CVE-2019-9510
CWE-ID: CWE-287
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Windows Server
Windows
Windows Server
Windows
Software vendor:
Microsoft
Microsoft
Description
The vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to a logical error in implementation of RDP Network Level Authentication (NLA) when authenticating users after interrupted network connection. Remote Desktop server allows users to automatically authenticate in case of network connectivity loss without providing access credentials. An attacker with access a machine that is being used as RDP client can interrupt connection between the client and remote RDP server, then reconnect to the server and gain access to a remote session that belongs to another workstation user.
Remediation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.