CVE-2000-1164

WinVNC installs the WinVNC3 registry key with permissions that give Special Access (read and modify) to the Everybody group, which allows users to read and modify sensitive information such as passwords and gain access to the system.

CVSS v2.0 9.0 HIGH

9.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:S/C:C/I:C/A:C

Exploitability : 8.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://archives.neohapsis.com/archives/bugtraq/2000-11/0253.html	Patch Vendor Advisory
http://www.securityfocus.com/bid/1961	Patch Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/5545
http://archives.neohapsis.com/archives/bugtraq/2000-11/0253.html	Patch Vendor Advisory
http://www.securityfocus.com/bid/1961	Patch Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/5545

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:att:winvnc:3.3.3:::::::*
	cpe:2.3:a:att:winvnc:3.3.3r7:::::::*

History

20 Nov 2024, 23:34

Type	Values Removed	Values Added
References	~~() http://archives.neohapsis.com/archives/bugtraq/2000-11/0253.html - Patch, Vendor Advisory~~	() http://archives.neohapsis.com/archives/bugtraq/2000-11/0253.html - Patch, Vendor Advisory
References	~~() http://www.securityfocus.com/bid/1961 - Patch, Vendor Advisory~~	() http://www.securityfocus.com/bid/1961 - Patch, Vendor Advisory
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/5545 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/5545 -

Information

Published : 2001-01-09 05:00

Updated : 2024-11-20 23:34

NVD link : CVE-2000-1164

Mitre link : CVE-2000-1164

CVE.ORG link : CVE-2000-1164

JSON object : View

Products Affected

att

winvnc

CWE

NVD-CWE-Other

{"id": "CVE-2000-1164", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "authentication": "SINGLE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": true, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2001-01-09T05:00:00.000", "references": [{"url": "http://archives.neohapsis.com/archives/bugtraq/2000-11/0253.html", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/1961", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5545", "source": "cve@mitre.org"}, {"url": "http://archives.neohapsis.com/archives/bugtraq/2000-11/0253.html", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/1961", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5545", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "WinVNC installs the WinVNC3 registry key with permissions that give Special Access (read and modify) to the Everybody group, which allows users to read and modify sensitive information such as passwords and gain access to the system."}], "lastModified": "2024-11-20T23:34:09.430", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:att:winvnc:3.3.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "968A0212-EE5D-4D8A-837E-41424ED5964B"}, {"criteria": "cpe:2.3:a:att:winvnc:3.3.3r7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2433C9F8-D11B-4263-8541-76C1470B41FA"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}