MS09-031 Vulnerability in Microsoft ISA Server 2006 Could Cause Elevation of Privilege (970953)
Important - Elevation of Privilege
This security update resolves a privately reported vulnerability in Microsoft Internet Security and Acceleration (ISA) Server 2006. The vulnerability could allow elevation of privilege if an attacker successfully impersonates an administrative user account for an ISA server that is configured for Radius One Time Password (OTP) authentication and authentication delegation with Kerberos Constrained Delegation.
Bulletin details at Microsoft.com
Related CVE Entries
Microsoft Internet Security and Acceleration (ISA) Server 2006 Gold and SP1, when Radius OTP is enabled, uses the HTTP-Basic authentication method, which allows remote attackers to gain the privileges of an arbitrary account, and access published web pages, via vectors involving attempted access to a network resource behind the ISA Server, aka "Radius OTP Bypass Vulnerability."
Max CVSS
9.0
EPSS Score
1.74%
Published
2009-07-15
Updated
2018-10-12