Lucene search

[email protected]CVE-2002-0018

HistoryJun 25, 2002 - 4:00 a.m.

CVE-2002-0018

2002-06-2504:00:00

[email protected]

web.nvd.nist.gov

microsoft

windows nt

windows 2000

trusting domain

sids

authorization data

domain administrator privileges

security flaw

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

6.7 Medium

AI Score

Confidence

High

0.022 Low

EPSS

Percentile

89.5%

JSON

In Microsoft Windows NT and Windows 2000, a trusting domain that receives authorization information from a trusted domain does not verify that the trusted domain is authoritative for all listed SIDs, which allows remote attackers to gain Domain Administrator privileges on the trusting domain by injecting SIDs from untrusted domains into the authorization data that comes from from the trusted domain.

Affected configurations

NVD

Node

microsoftwindows_2000

microsoftwindows_nt

CPENameOperatorVersion
microsoft:windows_2000microsoft windows 2000eq*
microsoft:windows_ntmicrosoft windows nteq*

CPE	Name	Operator	Version
microsoft:windows_2000	microsoft windows 2000	eq	*
microsoft:windows_nt	microsoft windows nt	eq	*

References

www.securityfocus.com/bid/3997

docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-001

exchange.xforce.ibmcloud.com/vulnerabilities/8023

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A159

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A64

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

6.7 Medium

AI Score

Confidence

High

0.022 Low

EPSS

Percentile

89.5%

JSON

Related for CVE-2002-0018

cvelist1 nvd1 nessus1