Microsoft Windows SMB Guest Account Local User Access

High Nessus Plugin ID 26919

New! Vulnerability Priority Rating (VPR)

Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it's different from CVSS.

VPR Score: 5.9

Synopsis

It is possible to log into the remote host.

Description

The remote host is running one of the Microsoft Windows operating systems or the SAMBA daemon. It was possible to log into it as a guest user using a random account.

Solution

In the group policy change the setting for 'Network access: Sharing and security model for local accounts' from 'Guest only - local users authenticate as Guest' to 'Classic - local users authenticate as themselves'. Disable the Guest account if applicable.

If the SAMBA daemon is running, double-check the SAMBA configuration around guest user access and disable guest access if appropriate

Plugin Details

Severity: High

ID: 26919

File Name: smb_guest_account.nasl

Version: 1.19

Type: remote

Agent: windows

Family: Windows

Published: 2007/10/04

Updated: 2020/09/21

Dependencies: 10394

Risk Information

Risk Factor: High

VPR Score: 5.9

CVSS Score Source: CVE-1999-0505

CVSS Score Rationale: Av:n is justified since the plugin tries to login via network services. nist specifies that the vulnerability pertains to a domain user. given that the plugin only tests for a guest account, which likely has limited permissions, the cia is partial instead of complete.

CVSS v2.0

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/o:microsoft:windows

Required KB Items: SMB/guest_enabled

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 1999/01/01

Exploitable With

Metasploit (Microsoft Windows Authenticated Powershell Command Execution)

Reference Information

CVE: CVE-1999-0505