Vulnerability Details : CVE-2009-1930
The Telnet service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote Telnet servers to execute arbitrary code on a client machine by replaying the NTLM credentials of a client user, aka "Telnet Credential Reflection Vulnerability," a related issue to CVE-2000-0834.
Vulnerability category: Execute code
Exploit prediction scoring system (EPSS) score for CVE-2009-1930
Probability of exploitation activity in the next 30 days: 43.06%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 97 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2009-1930
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST |
CWE ids for CVE-2009-1930
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2009-1930
-
http://www.us-cert.gov/cas/techalerts/TA09-223A.html
Microsoft Updates for Multiple Vulnerabilities | CISAUS Government Resource
-
http://www.securityfocus.com/bid/35993
Patch
-
http://securitytracker.com/id?1022716
GoDaddy Domain Name Search
-
http://www.vupen.com/english/advisories/2009/2237
Webmail: access your OVH emails on ovhcloud.com | OVHcloudVendor Advisory
-
http://osvdb.org/56904
-
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-042
Microsoft Security Bulletin MS09-042 - Important | Microsoft Learn
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6302
404 Not Found
-
http://secunia.com/advisories/36222
About Secunia Research | FlexeraVendor Advisory
Products affected by CVE-2009-1930
- cpe:2.3:o:microsoft:windows_2000:-:sp4:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:*:sp2:x64:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:-:sp3:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2003_server:sp2:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2003_server:sp2:*:itanium:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2003_server:sp2:*:x64:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_vista:-:sp1:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_vista:-:-:x64:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2008:*:*:itanium:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x64:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2008:-:-:x32:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2008:-:sp2:x86:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2008:-:-:x64:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2008:-:sp2:itanium:*:*:*:*:*