| Vulnerability Name: | CVE-2014-0317 (CCN-91365) | ||||||||
| Assigned: | 2013-12-03 | ||||||||
| Published: | 2014-03-11 | ||||||||
| Updated: | 2020-09-28 | ||||||||
| Summary: | The Security Account Manager Remote (SAMR) protocol implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows Server 2012 Gold and R2 does not properly determine the user-lockout state, which makes it easier for remote attackers to bypass the account lockout policy and obtain access via a brute-force attack, aka "SAMR Security Feature Bypass Vulnerability." | ||||||||
| CVSS v3 Severity: | 6.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||
| CVSS v2 Severity: | 5.4 Medium (CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:C/A:N) 4.0 Medium (Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:C/A:N/E:U/RL:OF/RC:C)
4.3 Medium (CCN Temporal CVSS v2 Vector: AV:A/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-264 CWE-20 | ||||||||
| Vulnerability Consequences: | Bypass Security | ||||||||
| References: | Source: MITRE Type: CNA CVE-2014-0317 Source: CCN Type: Microsoft Security Bulletin MS14-016 Vulnerability in Security Account Manager Remote (SAMR) Protocol Could Allow Security Feature Bypass (2934418) Source: CCN Type: Microsoft Security Bulletin MS15-096 Vulnerability in Active Directory Service Could Allow Denial of Service (3072595) Source: CCN Type: Microsoft Security Bulletin MS16-047 Security Update for SAM and LSAD Remote Protocols (3148527) Source: CCN Type: BID-66012 Microsoft Windows Security Account Manager Remote protocol Security Bypass Vulnerability Source: MS Type: UNKNOWN MS14-016 Source: XF Type: UNKNOWN ms-samr-cve20140317-security-bypass(91365) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| Oval Definitions | |||||||||
| |||||||||
| BACK | |||||||||