Lucene search

[email protected]CVE-1999-1358

HistoryMar 09, 2002 - 5:00 a.m.

CVE-1999-1358

2002-03-0905:00:00

[email protected]

web.nvd.nist.gov

windows nt

windows 2000

policy bypass

ntconfig.pol

security flaw

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

6.8 Medium

AI Score

Confidence

Low

0.0005 Low

EPSS

Percentile

17.0%

JSON

When an administrator in Windows NT or Windows 2000 changes a user policy, the policy is not properly updated if the local ntconfig.pol is not writable by the user, which could allow local users to bypass restrictions that would otherwise be enforced by the policy, possibly by changing the policy file to be read-only.

Affected configurations

NVD

Node

microsoftwindows_2000

microsoftwindows_nt

CPENameOperatorVersion
microsoft:windows_2000microsoft windows 2000eq*
microsoft:windows_ntmicrosoft windows nteq*

CPE	Name	Operator	Version
microsoft:windows_2000	microsoft windows 2000	eq	*
microsoft:windows_nt	microsoft windows nt	eq	*

References

support.microsoft.com/support/kb/articles/q157/6/73.asp

www.iss.net/security_center/static/7400.php

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

6.8 Medium

AI Score

Confidence

Low

0.0005 Low

EPSS

Percentile

17.0%

JSON

Related for CVE-1999-1358

cvelist1 nvd1