How severe is CVE-2019-9510?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.8 out of 10.

What type of vulnerability is CVE-2019-9510?

This is classified as CWE-288, which is a common weakness in software security.

CVE-2019-9510 - HIGH Severity | CVSS 7.8

Vulnerability Description

A vulnerability in Microsoft Windows 10 1803 and Windows Server 2019 and later systems can allow authenticated RDP-connected clients to gain access to user sessions without needing to interact with the Windows lock screen. Should a network anomaly trigger a temporary RDP disconnect, Automatic Reconnection of the RDP session will be restored to an unlocked state, regardless of how the remote system was left. By interrupting network connectivity of a system, an attacker with access to a system being used as a Windows RDP client can gain access to a connected remote system, regardless of whether or not the remote system was locked. This issue affects Microsoft Windows 10, version 1803 and later, and Microsoft Windows Server 2019, version 2019 and later.

Related Vulnerabilities

CVE-2022-22189

HIGH

CVSS:7.8(High)

An Incorrect Ownership Assignment vulnerability in Juniper Networks Contrail Service Orchestration (CSO) allows a locally authenticated user to have their permissions elevated without authentication t...

CWE-2882022

CVE-2022-47578

HIGH

CVSS:7.8(High)

An issue was discovered in the endpoint protection agent in Zoho ManageEngine Device Control Plus 10.1.2228.15. Despite configuring complete restrictions on USB pendrives, USB HDD devices, memory card...

CWE-2882022

CVE-2023-21098

HIGH

CVSS:7.8(High)

In multiple functions of AccountManagerService.java, there is a possible loading of arbitrary code into the System Settings app due to a confused deputy. This could lead to local escalation of privile...

CWE-2882023

CVE-2024-29853

HIGH

CVSS:7.8(High)

An authentication bypass vulnerability in Veeam Agent for Microsoft Windows allows for local privilege escalation.

CWE-2882024

CVE-2024-41173

HIGH

CVSS:7.8(High)

The IPC-Diagnostics package included in TwinCAT/BSD is vulnerable to a local authentication bypass by a low privileged attacker.

CWE-2882024

CVE-2024-47574

HIGH

CVSS:7.8(High)

A authentication bypass using an alternate path or channel in Fortinet FortiClientWindows version 7.4.0, versions 7.2.4 through 7.2.0, versions 7.0.12 through 7.0.0, and 6.4.10 through 6.4.0 allows lo...

CWE-2882024