Executive Summary
Summary | |
---|---|
Title | Vulnerability in IPsec Policy Processing Could Allow Information Disclosure (953733) |
Information | |||
---|---|---|---|
Name | MS08-047 | First vendor Publication | 2008-08-12 |
Vendor | Microsoft | Last vendor Modification | 2008-08-13 |
Severity (Vendor) | Important | Revision | 1.1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:N/A:N) | |||
---|---|---|---|
Cvss Base Score | 7.8 | Attack Range | Network |
Cvss Impact Score | 6.9 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
Revision Note: V1.1 (August 13, 2008): Added Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2 to the Non-Affected Software table. |
Summary: This update resolves a privately reported vulnerability in the way certain Windows Internet Protocol Security (IPsec) rules are applied. This vulnerability could cause systems to ignore IPsec policies and transmit network traffic in clear text. This, in turn, would disclose information intended to be encrypted on the network. An attacker viewing the traffic on the network would be able to view and possibly modify the contents of the traffic. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly. It could be used to collect useful information to try to further compromise the affected system or network. |
Original Source
Url : http://www.microsoft.com/technet/security/bulletin/MS08-047.mspx |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-200 | Information Exposure |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:6060 | |||
Oval ID: | oval:org.mitre.oval:def:6060 | ||
Title: | IPsec Policy Information Disclosure Vulnerability | ||
Description: | Microsoft Windows Vista through SP1 and Server 2008 do not properly import the default IPsec policy from a Windows Server 2003 domain to a Windows Server 2008 domain, which prevents IPsec rules from being enforced and allows remote attackers to bypass intended access restrictions. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2008-2246 | Version: | 5 |
Platform(s): | Microsoft Windows Vista Microsoft Windows Server 2008 | Product(s): | |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Os | 2 | |
Os | 1 |
OpenVAS Exploits
Date | Description |
---|---|
2010-12-21 | Name : Microsoft Windows IPsec Policy Processing Information Disclosure Vulnerabilit... File : nvt/gb_ms08-047.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
47396 | Microsoft Windows IPsec Policy Import Failure Cleartext Remote Information Di... |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2008-08-14 | IAVM : 2008-T-0038 - Microsoft IPsec Policy Processing Information Disclosure Vulnerability Severity : Category I - VMSKEY : V0016742 |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2008-08-13 | Name : The remote host IPsec policy processing could lead to information disclosure. File : smb_nt_ms08-047.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-02-17 11:46:02 | |
2013-11-11 12:41:08 | |
2013-05-11 00:49:21 | |