| Vulnerability Name: | CVE-2001-0046 (CCN-1438) | ||||||||
| Assigned: | 1998-11-17 | ||||||||
| Published: | 1998-11-17 | ||||||||
| Updated: | 2018-10-12 | ||||||||
| Summary: | The default permissions for the SNMP Parameters registry key in Windows NT 4.0 allows remote attackers to read and possibly modify the SNMP community strings to obtain sensitive information or modify network configuration, aka one of the "Registry Permissions" vulnerabilities. | ||||||||
| CVSS v3 Severity: | 4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
| ||||||||
| CVSS v2 Severity: | 4.6 Medium (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Denial of Service | ||||||||
| References: | Source: MITRE Type: CNA CVE-2000-0147 Source: MITRE Type: CNA CVE-2000-0379 Source: MITRE Type: CNA CVE-2000-0515 Source: MITRE Type: CNA CVE-2001-0046 Source: MITRE Type: CNA CVE-2001-0380 Source: MITRE Type: CNA CVE-2001-1210 Source: MITRE Type: CNA CVE-2002-0478 Source: MITRE Type: CNA CVE-2002-0540 Source: MITRE Type: CNA CVE-2002-0812 Source: CCN Type: US-CERT VU#403315 Nortel Networks CVX 1800 discloses privileged information Source: CCN Type: BID-1177 Netopia DSL Router Vulnerability Source: CCN Type: BID-1327 HP SNMPD File Permission Vulnerabilities Source: BID Type: Patch, Vendor Advisory 2066 Source: CCN Type: BID-2066 Microsoft Windows NT 4.0 / 2000 SNMP Registry Key Modification Vulnerability Source: CCN Type: BID-3758 Cisco Cable Access Router MIB Community Default Passwords Vulnerability Source: CCN Type: BID-4330 Foundry Networks EdgeIron SNMP Community String Read-Write Vulnerability Source: CCN Type: BID-4331 ISS RealSecure for Nokia IDS Devices Default KeyAdministrator Entry Vulnerability Source: CCN Type: BID-4507 Nortel CVX 1800 Multi-Service Access Switch Default SNMP Community Vulnerability Source: CCN Type: BID-5436 Orinoco OEM Residential Gateway SNMP Community String Remote Configuration Vulnerability Source: CCN Type: BID-973 SCO OpenServer SNMPD Default Community Vulnerability Source: MS Type: UNKNOWN MS00-095 Source: XF Type: UNKNOWN snmp-kill-interface(1438) Source: XF Type: UNKNOWN nt-snmp-reg-perms(5672) Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:139 | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| Vulnerability Name: | CVE-2001-0046 (CCN-5672) | ||||||||
| Assigned: | 2000-12-06 | ||||||||
| Published: | 2000-12-06 | ||||||||
| Updated: | 2000-12-06 | ||||||||
| Summary: | Microsoft Windows NT 4.0 including Server, Enterprise Edition, and Terminal Server could allow an attacker to gain elevated privileges, due to improper registry permissions. The permissions on the SNMP Management registry key, HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters, allow an attacker to read or modify the information in this key. An attacker can use this information to masquerade as an SNMP manager or change the information in the registry key to create a community to gain management privileges on the local computer. | ||||||||
| CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
| ||||||||
| CVSS v2 Severity: | 4.6 Medium (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)
| ||||||||
| Vulnerability Consequences: | Other | ||||||||
| References: | Source: MITRE Type: CNA CVE-2001-0046 Source: CCN Type: CIAC Information Bulletin L-026 Microsoft Windows NT 'Registry Permissions' Vulnerability Source: CCN Type: CIAC Information Bulletin L-027 Microsoft Windows 2000 'SNMP Parameters' Vulnerability Source: CCN Type: Microsoft Security Bulletin MS00-095 Tool Available for 'Registry Permissions' Vulnerability Source: CCN Type: Microsoft Security Bulletin MS00-096 Tool Available for 'SNMP Parameters' Vulnerability Source: CCN Type: Microsoft Security Bulletin MS01-041 Malformed RPC Request Can Cause Service Failure Source: CCN Type: Microsoft Security Bulletin MS02-001 Trusting Domains Do Not Verify Domain Membership of SIDs in Authorization Data Source: CCN Type: Microsoft Security Bulletin MS02-018 Cumulative Patch for Internet Information Services (Q319733) Source: CCN Type: BID-2066 Microsoft Windows NT 4.0 / 2000 SNMP Registry Key Modification Vulnerability Source: XF Type: UNKNOWN nt-snmp-reg-perms(5672) | ||||||||
| Vulnerable Configuration: | Configuration CCN 1: Denotes that component is vulnerable | ||||||||
| Oval Definitions | |||||||||
| |||||||||
| BACK | |||||||||