Vulnerability CVE-2006-0376

Vulnerability CVE-2006-0376

Published: 2006-01-22 Modified: 2012-02-12

Description:

The 802.11 wireless client in certain operating systems including Windows 2000, Windows XP, and Windows Server 2003 does not warn the user when (1) it establishes an association with a station in ad hoc (aka peer-to-peer) mode or (2) a station in ad hoc mode establishes an association with it, which allows remote attackers to put unexpected wireless communication into place.

See advisories in our WLB2 database:

	Topic	Author	Date
High	Microsoft Windows Wireless Exposure on Laptops	Nomad Mobile Res...	14.01.2006

Type:

CWE-Other

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score	Impact Subscore	Exploitability Subscore
7.5/10	6.4/10	10/10

Exploit range	Attack complexity	Authentication
Remote	Low	No required
Confidentiality impact	Integrity impact	Availability impact
Partial	Partial	Partial

Affected software
Microsoft -> Windows 2000
Microsoft -> Windows 2003 server
Microsoft -> Windows xp

References:

http://securityreason.com/securityalert/349

http://securitytracker.com/id?1015489

http://www.nmrc.org/pub/advise/20060114.txt

http://www.securiteam.com/windowsntfocus/5YP0D2KHHO.html

http://www.securityfocus.com/archive/1/421868/100/0/threaded

http://www.theta44.org/karma/

https://exchange.xforce.ibmcloud.com/vulnerabilities/24157

Copyright 2024, cxsecurity.com