Vulnerabilities > CVE-2001-0046 - Unspecified vulnerability in Microsoft Windows 2000 and Windows NT

047910
CVSS 4.6 - MEDIUM
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
local
low complexity
microsoft
nessus

Summary

The default permissions for the SNMP Parameters registry key in Windows NT 4.0 allows remote attackers to read and possibly modify the SNMP community strings to obtain sensitive information or modify network configuration, aka one of the "Registry Permissions" vulnerabilities.

Vulnerable Configurations

Part Description Count
OS
Microsoft
2

Nessus

NASL familyWindows
NASL idSMB_REG_SNMP_ACCESS.NASL
descriptionThe registry key HKLM\SYSTEM\CurrentControlSet\Services\SNMP\Parameters can be modified by users who are not in the admin group. Write access to this key allows an unprivileged user to gain additional privileges.
last seen2020-06-01
modified2020-06-02
plugin id11868
published2003-10-08
reporterThis script is Copyright (C) 2003-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/11868
titleMicrosoft Windows SMB Registry : SNMP Registry Key Permission Weakness Local Privilege Escalation

Oval

accepted2008-03-24T04:00:13.791-04:00
classvulnerability
contributors
  • nameMatt Busby
    organizationThe MITRE Corporation
  • nameJonathan Baker
    organizationThe MITRE Corporation
definition_extensions
commentMicrosoft Windows NT is installed
ovaloval:org.mitre.oval:def:36
descriptionThe default permissions for the SNMP Parameters registry key in Windows NT 4.0 allows remote attackers to read and possibly modify the SNMP community strings to obtain sensitive information or modify network configuration, aka one of the "Registry Permissions" vulnerabilities.
familywindows
idoval:org.mitre.oval:def:139
statusaccepted
submitted2004-06-08T12:00:00.000-04:00
titleDefault Registry Permissions on SNMP Parameters
version71