Lucene search

[email protected]CVE-2001-0860

HistoryMar 09, 2002 - 5:00 a.m.

CVE-2001-0860

2002-03-0905:00:00

[email protected]

web.nvd.nist.gov

windows 2000

spoofing

nat

terminal services manager

cybersecurity

client spoofing

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.8 Medium

AI Score

Confidence

High

0.704 High

EPSS

Percentile

98.0%

JSON

Terminal Services Manager MMC in Windows 2000 and XP trusts the Client Address (IP address) that is provided by the client instead of obtaining it from the packet headers, which allows clients to spoof their public IP address, e.g. through a Network Address Translation (NAT).

Affected configurations

NVD

Node

microsoftwindows_2000

microsoftwindows_xpgold

CPENameOperatorVersion
microsoft:windows_2000microsoft windows 2000eq*
microsoft:windows_xpmicrosoft windows xpeq*

CPE	Name	Operator	Version
microsoft:windows_2000	microsoft windows 2000	eq	*
microsoft:windows_xp	microsoft windows xp	eq	*

References

marc.info/?l=bugtraq&m=100578220002083&w=2

www.securityfocus.com/bid/3541

exchange.xforce.ibmcloud.com/vulnerabilities/7538

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.8 Medium

AI Score

Confidence

High

0.704 High

EPSS

Percentile

98.0%

JSON

Related for CVE-2001-0860

cvelist1 nvd1