Lucene search

[email protected]CVE-2004-2730

HistoryOct 09, 2007 - 10:00 a.m.

CVE-2004-2730

2007-10-0910:00:00

CWE-264

[email protected]

web.nvd.nist.gov

sysinternals

pstools

remote shares

ipc

admin

privilege escalation

vulnerability

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

6.5 Medium

AI Score

Confidence

Low

0.0005 Low

EPSS

Percentile

17.2%

JSON

Sysinternals PsTools before 2.05, including (1) PsExec before 1.54, (2) PsGetsid before 1.41, (3) PsInfo before 1.61, (4) PsKill before 1.03, (5) PsList before 1.26, (6) PsLoglist before 2.51, (7) PsPasswd before 1.21, (8) PsService before 2.12, (9) PsSuspend before 1.05, and (10) PsShutdown before 2.32, does not properly disconnect from remote IPC$ and ADMIN$ shares, which allows local users to access the shares with elevated privileges by using the existing share mapping.

Affected configurations

NVD

Node

microsoftpsexecRange≤1.53

microsoftpsgetsidRange≤1.40

microsoftpsinfoRange≤1.60

microsoftpskillRange≤1.02

microsoftpslistRange≤1.25

microsoftpsloglistRange≤2.50

microsoftpspasswdRange≤1.20

microsoftpsserviceRange≤2.11

microsoftpsshutdownRange≤2.31

microsoftpssuspendRange≤1.04

microsoftsysinternals_pstoolsRange≤2.04

CPENameOperatorVersion
microsoft:psexecmicrosoft psexecle1.53
microsoft:psgetsidmicrosoft psgetsidle1.40
microsoft:psinfomicrosoft psinfole1.60
microsoft:pskillmicrosoft pskillle1.02
microsoft:pslistmicrosoft pslistle1.25
microsoft:psloglistmicrosoft psloglistle2.50
microsoft:pspasswdmicrosoft pspasswdle1.20
microsoft:psservicemicrosoft psservicele2.11
microsoft:psshutdownmicrosoft psshutdownle2.31
microsoft:pssuspendmicrosoft pssuspendle1.04

CPE	Name	Operator	Version
microsoft:psexec	microsoft psexec	le	1.53
microsoft:psgetsid	microsoft psgetsid	le	1.40
microsoft:psinfo	microsoft psinfo	le	1.60
microsoft:pskill	microsoft pskill	le	1.02
microsoft:pslist	microsoft pslist	le	1.25
microsoft:psloglist	microsoft psloglist	le	2.50
microsoft:pspasswd	microsoft pspasswd	le	1.20
microsoft:psservice	microsoft psservice	le	2.11
microsoft:psshutdown	microsoft psshutdown	le	2.31
microsoft:pssuspend	microsoft pssuspend	le	1.04

Rows per page:

1-10 of 111

References

secunia.com/advisories/12108

securitytracker.com/id?1010737

www.osvdb.org/8140

www.securityfocus.com/bid/10759

www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=28304

exchange.xforce.ibmcloud.com/vulnerabilities/16743

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

6.5 Medium

AI Score

Confidence

Low

0.0005 Low

EPSS

Percentile

17.2%

JSON

Related for CVE-2004-2730

cvelist1 nvd1 kaspersky1