CVE-2014-0296

2014-06-1104:56:16

CWE-310

[email protected]

web.nvd.nist.gov

microsoft

windows

rdp

encryption

vulnerability

nvd

cve-2014-0296

5.1 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

6 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

54.6%

JSON

The Remote Desktop Protocol (RDP) implementation in Microsoft Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 does not properly encrypt sessions, which makes it easier for man-in-the-middle attackers to obtain sensitive information by sniffing the network or modify session content by sending crafted RDP packets, aka “RDP MAC Vulnerability.”

Affected configurations

NVD

Node

microsoftwindows_7Match-sp1

microsoftwindows_8Match-

microsoftwindows_8.1Match-

microsoftwindows_server_2012Match-

microsoftwindows_server_2012Matchr2

CPENameOperatorVersion
microsoft:windows_7microsoft windows 7eq-
microsoft:windows_8microsoft windows 8eq-
microsoft:windows_8.1microsoft windows 8.1eq-
microsoft:windows_server_2012microsoft windows server 2012eq-
microsoft:windows_server_2012microsoft windows server 2012eqr2

CPE	Name	Operator	Version
microsoft:windows_7	microsoft windows 7	eq	-
microsoft:windows_8	microsoft windows 8	eq	-
microsoft:windows_8.1	microsoft windows 8.1	eq	-
microsoft:windows_server_2012	microsoft windows server 2012	eq	-
microsoft:windows_server_2012	microsoft windows server 2012	eq	r2