Vulnerability Name: | CVE-2005-3176 (CCN-24402) | ||||||||
Assigned: | 2005-06-28 | ||||||||
Published: | 2005-06-28 | ||||||||
Updated: | 2008-09-05 | ||||||||
Summary: | Microsoft Windows 2000 before Update Rollup 1 for SP4 does not record the IP address of a Windows Terminal Services client in a security log event if the client connects successfully, which could make it easier for attackers to escape detection. | ||||||||
CVSS v3 Severity: | 5.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||
CVSS v2 Severity: | 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P) 6.5 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:H/RL:OF/RC:C)
4.0 Medium (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P/E:H/RL:OF/RC:C)
| ||||||||
Vulnerability Type: | CWE-Other | ||||||||
Vulnerability Consequences: | Other | ||||||||
References: | Source: MITRE Type: CNA CVE-2005-3176 Source: CCN Type: Microsoft Knowledge Base Article 891076 An event that is logged in the Security log does not in include the IP address or the computer name of the Terminal Services client Source: MSKB Type: Patch, Vendor Advisory 891076 Source: CCN Type: Microsoft Knowledge Base Article 900345 Fixes that are included in the Update Rollup 1 for Microsoft Windows 2000 Service Pack 4 that is dated June 28, 2005 Source: MSKB Type: Patch, Vendor Advisory 900345 Source: CCN Type: Microsoft Security Advisory (891861) Release of Update Rollup 1 for Windows 2000 Service Pack 4 (SP4) Source: CCN Type: OSVDB ID: 20001 Microsoft Windows 2000 Terminal Service Client Connection IP Logging Failure Source: CCN Type: IBM Internet Security Systems X-Force Database Microsoft Windows 2000 Update Rollup 1 for Service Pack 4 has not been installed Source: XF Type: UNKNOWN win2k-terminal-ip-not-logged(24402) | ||||||||
Vulnerable Configuration: | Configuration 1: Configuration CCN 1: ![]() | ||||||||
BACK |