| Vulnerability Name: | CVE-2002-0018 (CCN-8023) | ||||||||||||
| Assigned: | 2002-01-30 | ||||||||||||
| Published: | 2002-01-30 | ||||||||||||
| Updated: | 2018-10-12 | ||||||||||||
| Summary: | In Microsoft Windows NT and Windows 2000, a trusting domain that receives authorization information from a trusted domain does not verify that the trusted domain is authoritative for all listed SIDs, which allows remote attackers to gain Domain Administrator privileges on the trusting domain by injecting SIDs from untrusted domains into the authorization data that comes from from the trusted domain. | ||||||||||||
| CVSS v3 Severity: | 10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
| ||||||||||||
| CVSS v2 Severity: | 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
| ||||||||||||
| Vulnerability Type: | CWE-Other | ||||||||||||
| Vulnerability Consequences: | Gain Privileges | ||||||||||||
| References: | Source: MITRE Type: CNA CVE-2002-0018 Source: CCN Type: CIAC Information Bulletin M-036 Microsoft Windows NT/2000 Trust Domain Vulnerability Source: CCN Type: Microsoft Security Bulletin MS02-001 Trusting Domains Do Not Verify Domain Membership of SIDs in Authorization Data Source: CCN Type: Microsoft Security Bulletin MS02-018 Cumulative Patch for Internet Information Services (Q319733) Source: CCN Type: OSVDB ID: 2037 Microsoft Windows Trusted Domain SID Remote Privilege Escalation Source: BID Type: UNKNOWN 3997 Source: CCN Type: BID-3997 Microsoft Windows Trusted Domain Privilege Escalation Vulnerability Source: MS Type: UNKNOWN MS02-001 Source: XF Type: UNKNOWN win-sid-gain-privileges(8023) Source: XF Type: UNKNOWN win-sid-gain-privileges(8023) Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:159 Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:64 | ||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||
| Oval Definitions | |||||||||||||
| |||||||||||||
| BACK | |||||||||||||