A Windows NT local user or administrator account has a default, null, blank, or missing password.
Published 1997-01-01 05:00:00
Updated 2022-08-17 08:15:13
Source MITRE

Exploit prediction scoring system (EPSS) score for CVE-1999-0504

Probability of exploitation activity in the next 30 days: 0.55%

Percentile, the proportion of vulnerabilities that are scored at or less: ~74%

Metasploit modules for CVE-1999-0504

  • Microsoft Windows Authenticated User Code Execution
    Disclosure Date: 1999-01-01
    First seen: 2020-04-26
    exploit/windows/smb/psexec
    This module uses a valid administrator username and password (or password hash) to execute an arbitrary payload. This module is similar to the "psexec" utility provided by SysInternals. This module is now able to clean up after itself. The service created by this t
  • Microsoft Windows Authenticated Powershell Command Execution
    Disclosure Date: 1999-01-01
    First seen: 2020-04-26
    exploit/windows/smb/psexec_psh
    This module uses a valid administrator username and password to execute a powershell payload using a similar technique to the "psexec" utility provided by SysInternals. The payload is encoded in base64 and executed from the commandline using
  • Windows Management Instrumentation (WMI) Remote Command Execution
    Disclosure Date: 1999-01-01
    First seen: 2020-04-26
    exploit/windows/local/wmi
    This module executes powershell on the remote host using the current user credentials or those supplied. Instead of using PSEXEC over TCP port 445 we use the WMIC command to start a Remote Procedure Call on TCP port 135 and an ephemeral port. Set ReverseListe
  • Microsoft Windows Authenticated Logged In Users Enumeration
    First seen: 2020-04-26
    auxiliary/scanner/smb/psexec_loggedin_users
    This module uses a valid administrator username and password to enumerate users currently logged in, using a similar technique to the "psexec" utility provided by SysInternals. It uses reg.exe to query the HKU base registry key. Authors: - Royce Davis @R3dy__ <r
  • Powershell Remoting Remote Command Execution
    Disclosure Date: 1999-01-01
    First seen: 2020-04-26
    exploit/windows/local/powershell_remoting
    This module uses Powershell Remoting (TCP 47001) to inject payloads on target machines. If RHOSTS are specified, it will try to resolve the IPs to hostnames, otherwise use a HOSTFILE to supply a list of known hostnames. Authors: - Ben Campbell <eat_meatb
  • Microsoft Windows Authenticated Administration Utility
    First seen: 2020-04-26
    auxiliary/admin/smb/psexec_command
    This module uses a valid administrator username and password to execute an arbitrary command on one or more hosts, using a similar technique to the "psexec" utility provided by SysInternals. Daisy chaining commands with '&' does not wor
  • PsExec via Current User Token
    Disclosure Date: 1999-01-01
    First seen: 2020-04-26
    exploit/windows/local/current_user_psexec
    This module uploads an executable file to the victim system, creates a share containing that executable, creates a remote service on each target system using a UNC path to that file, and finally starts the service(s). The result is similar to psexe

CVSS scores for CVE-1999-0504

Base Score: 7.5
Base Severity: HIGH
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Exploitability Score: 10.0
Impact Score: 6.4
Score Source: NIST

References for CVE-1999-0504

Products affected by CVE-1999-0504
