CVE-2005-2150

high

Description

Windows NT 4.0 and Windows 2000 before URP1 for Windows 2000 SP4 does not properly prevent NULL sessions from accessing certain alternate named pipes, which allows remote attackers to (1) list Windows services via svcctl or (2) read eventlogs via eventlog.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/21288

https://exchange.xforce.ibmcloud.com/vulnerabilities/21286

http://www.securityfocus.com/bid/14178

http://www.securityfocus.com/bid/14177

http://www.hsc.fr/ressources/presentations/null_sessions/

http://securitytracker.com/id?1014417

http://secunia.com/advisories/14189

http://marc.info/?l=bugtraq&m=112076409813099&w=2

Details

Source: Mitre, NVD

Published: 2005-07-11

Updated: 2025-04-03

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: High

EPSS

EPSS: 0.29437