Information disclosure

2023-05-0918:15:00

PRIOn knowledge base

www.prio-n.com

windows ntlm

security provider

information disclosure

vulnerability

nvd

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

6.2 Medium

AI Score

Confidence

High

2.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

47.7%

JSON

Windows NTLM Security Support Provider Information Disclosure Vulnerability

CPENameOperatorVersion
windows_10_1507lt10.0.10240.19926
windows_10_1607lt10.0.14393.5921
windows_10_1809lt10.0.17763.4377
windows_10_20h2lt10.0.19042.2965
windows_10_21h2lt10.0.19044.2965
windows_10_22h2lt10.0.19045.2965
windows_11_21h2lt10.0.22000.1936
windows_11_22h2lt10.0.22000.1702
windows_server_2008eqr2 sp1
windows_server_2008eq- sp2

Name	Operator	Version
windows_10_1507	lt	10.0.10240.19926
windows_10_1607	lt	10.0.14393.5921
windows_10_1809	lt	10.0.17763.4377
windows_10_20h2	lt	10.0.19042.2965
windows_10_21h2	lt	10.0.19044.2965
windows_10_22h2	lt	10.0.19045.2965
windows_11_21h2	lt	10.0.22000.1936
windows_11_22h2	lt	10.0.22000.1702
windows_server_2008	eq	r2 sp1
windows_server_2008	eq	- sp2