CVE-2019-0708 plugins

hackyzh · May 22, 2019, 3:21am

Hi openvas team，
Have you updated this rule recently, remote check?I want to write according to other people’s, but because of the limited level, I can’t write it with nasl.
reference:
https://github.com/zerosum0x0/CVE-2019-0708/blob/master/cve_2019_0708.rb

cfi · May 23, 2019, 8:57am

Hi,

a remote/active VT for this specific RDP vulnerability is currently in the works and should arrive in the feed soon.

hackyzh · May 24, 2019, 5:42am

okay,understand

hackyzh · May 29, 2019, 12:57am

Hi,
Haven’t updated yet?

lun381 · May 29, 2019, 3:05am

I updated feed on sunday, and find information CVE-2019-0708, but i can’t scan our windows servers and don’t show any vulnerability about CVE-2019-0708 .
I 'm waiting the update. Thanks.

hackyzh · May 29, 2019, 3:48am

Thanks for your reply.But,where is the information about CVE-2019-0708?

Lukas · May 29, 2019, 8:58am

Are you using the community or GSF feed ? It might only come up on the GSF, the GCE does not give you any SLA on timing or availability.

If you look at the SecInfo it´s already part of the GSF:

https://secinfo.greenbone.net/cve/CVE-2019-0708

Last updated: Fri, May 24, 2019 10:29 PM

lun381 · May 29, 2019, 8:59am

Sorry, i’ m not openvas team. CVE-2019-0708 can find on Secinfo->CVE and search.

hackyzh · May 29, 2019, 9:04am

I mean the remote check.

hackyzh · May 29, 2019, 9:05am

okay,The remote rdp check policy haven’t updated.

Lukas · May 29, 2019, 9:36am

Scan Authenticated …

ceantuco · June 10, 2019, 4:02pm

Hi,

I scanned a few Windows hosts which I know are vulnerable to CVE-2019-0708; however, OpenVAS did not detect it.

I ran greenbone-nvt-sync without issues.

Can you assist?
Thank you!

hackyzh · June 11, 2019, 1:02am

Openvas detection CVE-2019-0708 method is authorized to scan

lun381 · June 11, 2019, 2:35am

How can i check it?Thanks.

cfi · June 11, 2019, 8:43am

As already explained twice the VTs covering that specific CVE currently requires an authenticated scan. See the following documentation on how to configure such an authenticated scan:

https://docs.greenbone.net/GSM-Manual/gos-4/en/vulnerabilitymanagement.html#authenticated-scan-using-local-security-checks

Bob · July 29, 2019, 3:48pm

An authenticated scan means you own the system you are scanning.

I work for an ISP, and often scan our subscribers’ systems for vulnerabilities, which we do not own or control.

I am able to detect the BlueKeep vulnerability using rdpscan, and also using Nexpose.

I am curious as to why this particular CVE requires an authenticated scan in OpenVAS.

_OR · July 30, 2019, 1:24pm

Hi,
I’m just curious. Why do you scan? As a service for your customers?
Greetings

Bob · July 30, 2019, 3:02pm

That is correct. Occasionally a subscriber will need some insight and we strive to provide that when it’s needed.

cfi · October 12, 2019, 2:04pm

Just for the record, a Remote-Check for this CVE is available in the feed since quite some time:

https://secinfo.greenbone.net/nvt/1.3.6.1.4.1.25623.1.0.108611

panajo1017 · March 24, 2020, 4:37am

Hi @cfi, it’s seems like this plugin has problem on processing TLS.
I use this plugin to scan a target and the target doesn’t response to the connect_initial_request packet - same as https://github.com/JSec1337/Scanner-CVE-2019-0708 when using with --notls option. But, with no --notls option, the python script detects the vulnerability on the target successfully.
Another case, when a target “Forcing RDP to use TLS Encryption”, it responses “TLS required by server” to the “Negotiate Request”, but this plugin does not processing this.