Lucene search

[email protected]NVD:CVE-2013-3876

HistoryNov 18, 2013 - 3:55 a.m.

CVE-2013-3876

2013-11-1803:55:05

CWE-20

[email protected]

web.nvd.nist.gov

7.1 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:C/I:N/A:N

6.1 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

49.6%

JSON

DirectAccess in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly verify server X.509 certificates, which allows man-in-the-middle attackers to spoof servers and read encrypted domain credentials via a crafted certificate.

Affected configurations

NVD

Node

microsoftwindows_7Match-sp1

microsoftwindows_8Match-

microsoftwindows_8.1Match-

microsoftwindows_rtMatch-

microsoftwindows_rt_8.1Match-

microsoftwindows_server_2003Match-sp2

microsoftwindows_server_2008Match-sp2

microsoftwindows_server_2008Matchr2sp1itanium

microsoftwindows_server_2008Matchr2sp1x64

microsoftwindows_server_2012Match-

microsoftwindows_server_2012Matchr2

microsoftwindows_vistaMatch-sp1

microsoftwindows_vistaMatch-sp2x64

microsoftwindows_xpMatch-sp2professionalx64

microsoftwindows_xpMatch-sp3

References

technet.microsoft.com/security/advisory/2862152

7.1 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:C/I:N/A:N

6.1 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

49.6%

JSON

Related for NVD:CVE-2013-3876

nessus1 cve1 symantec1 openvas1 prion1 cvelist1