NVD Vulnerability Detail

Search Exploit, PoC

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2009-1930

Summary	The Telnet service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote Telnet servers to execute arbitrary code on a client machine by replaying the NTLM credentials of a client user, aka "Telnet Credential Reflection Vulnerability," a related issue to CVE-2000-0834.
Summary	El servicio Telnet en Microsoft Windows 2000 SP4, XP SP2 y SP3, Server 2003 SP2, Vista Gold, SP1, y SP2, y Server 2008 Gold y SP2 permite a los servidores Telnet remotos ejecutar arbitrariamente código en máquinas cliente remplazando las credenciales NTLM de un usuario cliente, también conocido como "Vulnerabilidad Reflejo de Credencial Telnet", un asunto relativo a CVE-2000-0834.
Publication Date	Aug. 13, 2009, 2:30 a.m.
Registration Date	Jan. 29, 2021, 1:19 p.m.
Last Update	April 23, 2026, 9:35 a.m.

CVSS2.0 : HIGH
Score	10.0
Vector	AV:N/AC:L/Au:N/C:C/I:C/A:C
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	低
攻撃前の認証要否(Au)	不要
機密性への影響(C)	高
完全性への影響(I)	高
可用性への影響(A)	高
Get all privileges.	はい
Get user privileges	いいえ
Get other privileges	いいえ
User operation required	いいえ

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:o:microsoft:windows_2000:-:sp4::::::
cpe:2.3:o:microsoft:windows_2003_server:sp2:::::::*
cpe:2.3:o:microsoft:windows_2003_server:sp2::itanium:::::
cpe:2.3:o:microsoft:windows_2003_server:sp2::x64:::::
cpe:2.3:o:microsoft:windows_server_2008:::itanium:::::*
cpe:2.3:o:microsoft:windows_server_2008::sp2:x64:::::
cpe:2.3:o:microsoft:windows_server_2008:-:-:x32:::::*
cpe:2.3:o:microsoft:windows_server_2008:-:-:x64:::::*
cpe:2.3:o:microsoft:windows_server_2008:-:sp2:itanium:::::*
cpe:2.3:o:microsoft:windows_server_2008:-:sp2:x86:::::*
cpe:2.3:o:microsoft:windows_vista::sp1::::::*
cpe:2.3:o:microsoft:windows_vista::sp2::::::*
cpe:2.3:o:microsoft:windows_vista:-:-:x64:::::*
cpe:2.3:o:microsoft:windows_vista:-:sp1::::::
cpe:2.3:o:microsoft:windows_vista:-:sp2::::::
cpe:2.3:o:microsoft:windows_xp::sp2:x64:::::
cpe:2.3:o:microsoft:windows_xp:-:sp2::::::
cpe:2.3:o:microsoft:windows_xp:-:sp3::::::

Related information, measures and tools

No	URL	refsource	タグ
1	http://osvdb.org/56904	secure@microsoft.com
2	http://secunia.com/advisories/36222	secure@microsoft.com
3	http://securitytracker.com/id?1022716	secure@microsoft.com
4	http://www.securityfocus.com/bid/35993	secure@microsoft.com
5	http://www.us-cert.gov/cas/techalerts/TA09-223A.html	secure@microsoft.com
6	http://www.vupen.com/english/advisories/2009/2237	secure@microsoft.com
7	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-042	secure@microsoft.com
8	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6302	secure@microsoft.com
9	http://osvdb.org/56904	af854a3a-2127-422b-91ae-364da2661108
10	http://secunia.com/advisories/36222	af854a3a-2127-422b-91ae-364da2661108
11	http://securitytracker.com/id?1022716	af854a3a-2127-422b-91ae-364da2661108
12	http://www.securityfocus.com/bid/35993	af854a3a-2127-422b-91ae-364da2661108
13	http://www.us-cert.gov/cas/techalerts/TA09-223A.html	af854a3a-2127-422b-91ae-364da2661108
14	http://www.vupen.com/english/advisories/2009/2237	af854a3a-2127-422b-91ae-364da2661108
15	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-042	af854a3a-2127-422b-91ae-364da2661108
16	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6302	af854a3a-2127-422b-91ae-364da2661108

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-255	証明書・パスワード管理	https://cwe.mitre.org/data/definitions/255.html