6.8 Medium
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.501 Medium
EPSS
Percentile
97.5%
Microsoft Windows Vista establishes a Teredo address without user action upon connection to the Internet, contrary to documentation that Teredo is inactive without user action, which increases the attack surface and allows remote attackers to communicate via Teredo.
CPE | Name | Operator | Version |
---|---|---|---|
microsoft:windows_vista | microsoft windows vista | eq | * |
osvdb.org/33667
www.securityfocus.com/archive/1/462793/100/0/threaded
www.securityfocus.com/archive/1/464617/100/0/threaded
www.securityfocus.com/bid/23267
www.symantec.com/avcenter/reference/Vista_Network_Attack_Surface_RTM.pdf
www.symantec.com/enterprise/security_response/weblog/2007/04/microsofts_inaccurate_teredo_d.html