CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
COMPLETE
Availability Impact
NONE
AV:N/AC:H/Au:N/C:N/I:C/A:N
AI Score
Confidence
Low
EPSS
Percentile
89.6%
The Security Account Manager Remote (SAMR) protocol implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows Server 2012 Gold and R2 does not properly determine the user-lockout state, which makes it easier for remote attackers to bypass the account lockout policy and obtain access via a brute-force attack, aka โSAMR Security Feature Bypass Vulnerability.โ
Vendor | Product | Version | CPE |
---|---|---|---|
microsoft | windows_server_2003 | * | cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:* |
microsoft | windows_server_2008 | * | cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x64:*:*:*:*:* |
microsoft | windows_server_2008 | * | cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x86:*:*:*:*:* |
microsoft | windows_server_2012 | - | cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:* |
microsoft | windows_server_2012 | r2 | cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:datacenter:*:*:* |
microsoft | windows_server_2012 | r2 | cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:essentials:*:*:* |
microsoft | windows_server_2012 | r2 | cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:standard:*:*:* |
microsoft | windows_vista | * | cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:* |
microsoft | windows_xp | * | cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:* |
microsoft | windows_xp | - | cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:* |