| Vulnerability Name: | CVE-2007-1644 (CCN-33473) | ||||||||
| Assigned: | 2007-03-22 | ||||||||
| Published: | 2007-03-22 | ||||||||
| Updated: | 2017-10-11 | ||||||||
| Summary: | The dynamic DNS update mechanism in the DNS Server service on Microsoft Windows does not properly authenticate clients in certain deployments or configurations, which allows remote attackers to change DNS records for a web proxy server and conduct man-in-the-middle (MITM) attacks on web traffic, conduct pharming attacks by poisoning DNS records, and cause a denial of service (erroneous name resolution). | ||||||||
| CVSS v3 Severity: | 5.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||
| CVSS v2 Severity: | 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C) 9.0 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:F/RL:U/RC:UR)
4.6 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P/E:F/RL:U/RC:UR)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Other | ||||||||
| References: | Source: MITRE Type: CNA CVE-2007-1644 Source: OSVDB Type: UNKNOWN 43603 Source: CCN Type: Microsoft Corporation Web site Windows Home Page Source: CCN Type: OSVDB ID: 43603 Microsoft Windows DNS Server Dynamic Update Mechanism Client Authentication Bypass Source: XF Type: UNKNOWN win-dnsupdate-unauthorized-access(33473) Source: XF Type: UNKNOWN win-dnsupdate-unauthorized-access(33473) Source: EXPLOIT-DB Type: UNKNOWN 3544 | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||