Lucene search

[email protected]CVE-2001-0349

HistoryJul 21, 2001 - 4:00 a.m.

CVE-2001-0349

2001-07-2104:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2001-0349

windows 2000

telnet service

vulnerability

arbitrary command execution

named pipe

nvd

7.2 High

AI Score

Confidence

Low

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

12.1%

JSON

Microsoft Windows 2000 telnet service creates named pipes with predictable names and does not properly verify them, which allows local users to execute arbitrary commands by creating a named pipe with the predictable name and associating a malicious program with it, the first of two variants of this vulnerability.

CPENameOperatorVersion
microsoft:windows_2000microsoft windows 2000eq*

CPE	Name	Operator	Version
microsoft:windows_2000	microsoft windows 2000	eq	*

References

www.kb.cert.org/vuls/id/587587

www.securityfocus.com/bid/2849

docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-031

exchange.xforce.ibmcloud.com/vulnerabilities/6664

7.2 High

AI Score

Confidence

Low

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

12.1%

JSON

Related for CVE-2001-0349

cert1