| Vulnerability Name: | CVE-2001-0347 (CCN-6665) | ||||||||
| Assigned: | 2001-06-08 | ||||||||
| Published: | 2001-06-08 | ||||||||
| Updated: | 2018-10-12 | ||||||||
| Summary: | Information disclosure vulnerability in Microsoft Windows 2000 telnet service allows remote attackers to determine the existence of user accounts such as Guest, or log in to the server without specifying the domain name, via a malformed userid. | ||||||||
| CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||
| CVSS v2 Severity: | 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: MITRE Type: CNA CVE-2001-0347 Source: CCN Type: CIAC Information Bulletin L-092 Microsoft Predictable Name Pipes In Telnet Source: CIAC Type: UNKNOWN L-092 Source: CCN Type: US-CERT VU#573155 Microsoft Windows 2000 Telnet Service searches all trusted domains for user accounts Source: CCN Type: Microsoft Security Bulletin MS01-031 Predictable Name Pipes Could Enable Privilege Elevation via Telnet Source: CCN Type: Microsoft Security Bulletin MS02-001 Trusting Domains Do Not Verify Domain Membership of SIDs in Authorization Data Source: OSVDB Type: UNKNOWN 5686 Source: CCN Type: OSVDB ID: 5686 Microsoft Windows Telnet Service Account Information Disclosure Source: BID Type: UNKNOWN 2847 Source: CCN Type: BID-2847 Microsoft W2K Telnet Various Domain User Account Access Vulnerability Source: MS Type: UNKNOWN MS01-031 Source: XF Type: UNKNOWN win2k-telnet-domain-authentication(6665) Source: XF Type: UNKNOWN win2k-telnet-domain-authentication(6665) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||