CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
AI Score
Confidence
Low
EPSS
Percentile
18.2%
Microsoft Windows operating system is prone to a security bypass vulnerability.
This VT has been replaced by OID:1.3.6.1.4.1.25623.1.0.900740.
# SPDX-FileCopyrightText: 2011 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.801914");
script_version("2023-06-27T05:05:30+0000");
script_tag(name:"deprecated", value:TRUE);
script_tag(name:"last_modification", value:"2023-06-27 05:05:30 +0000 (Tue, 27 Jun 2023)");
script_tag(name:"creation_date", value:"2011-04-11 14:40:00 +0200 (Mon, 11 Apr 2011)");
script_xref(name:"CISA", value:"Known Exploited Vulnerability (KEV) catalog");
script_xref(name:"URL", value:"https://www.cisa.gov/known-exploited-vulnerabilities-catalog");
script_cve_id("CVE-2010-0232");
script_tag(name:"cvss_base", value:"7.2");
script_tag(name:"cvss_base_vector", value:"AV:L/AC:L/Au:N/C:C/I:C/A:C");
script_name("Microsoft Windows IPv4 Default Configuration Security Bypass Vulnerability");
script_xref(name:"URL", value:"http://resources.infosecinstitute.com/slaac-attack/");
script_xref(name:"URL", value:"https://lists.immunityinc.com/pipermail/dailydave/20110404/000122.html");
script_tag(name:"qod_type", value:"registry");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2011 Greenbone AG");
script_family("Windows");
script_tag(name:"impact", value:"Successful exploitation will allow remote attackers to bypass
certain security restrictions and hijack all network traffic without any user.");
script_tag(name:"affected", value:"- Microsoft Windows 7 Service Pack 1 and prior
- Microsoft Windows Vista Service Pack 2 and prior
- Microsoft Windows Server 2008 Service Pack 2 and prior");
script_tag(name:"insight", value:"The default Network Interception Configuration prefers a new IPv6
and DHCPv6 service over a currently used IPv4 and DHCPv4 service upon receipt of
an IPv6 Router Advertisement (RA), and does not provide an option to ignore an
unexpected RA, which allows remote attackers to conduct man-in-the-middle attacks.");
script_tag(name:"solution", value:"No known solution was made available for at least one year since the disclosure
of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer
release, disable respective features, remove the product or replace the product by another one.");
script_tag(name:"summary", value:"Microsoft Windows operating system is prone to a security bypass vulnerability.
This VT has been replaced by OID:1.3.6.1.4.1.25623.1.0.900740.");
script_tag(name:"solution_type", value:"WillNotFix");
exit(0);
}
exit(66); ## This VT is deprecated as addressed in secpod_ms10-015.nasl.