Lucene search
MitreCVE-2002-0444HistorySep 01, 2004 - 4:00 a.m.
CVE-2002-0444
2004-09-0104:00:00
mitre
web.nvd.nist.gov
20
windows 2000
terminal server
group policies
sysvol share
remote access
user-authentication
cve-2002-0444
security-bypass.
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
6.7
Confidence
Low
EPSS
0.014
Percentile
86.4%
Microsoft Windows 2000 running the Terminal Server 90-day trial version, and possibly other versions, does not apply group policies to incoming users when the number of connections to the SYSVOL share exceeds the maximum, e.g. with a maximum number of licenses, which can allow remote authenticated users to bypass group policies.
Affected configurations
Node
microsoftwindows_2000_terminal_services
ORmicrosoftwindows_2000_terminal_servicessp1
ORmicrosoftwindows_2000_terminal_servicessp2
| Vendor | Product | Version | CPE |
|---|---|---|---|
| microsoft | windows_2000_terminal_services | * | cpe:2.3:o:microsoft:windows_2000_terminal_services:*:*:*:*:*:*:*:* |
| microsoft | windows_2000_terminal_services | * | cpe:2.3:o:microsoft:windows_2000_terminal_services:*:sp1:*:*:*:*:*:* |
| microsoft | windows_2000_terminal_services | * | cpe:2.3:o:microsoft:windows_2000_terminal_services:*:sp2:*:*:*:*:*:* |
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
6.7
Confidence
Low
EPSS
0.014
Percentile
86.4%
Related for CVE-2002-0444