CVE-2008-2246

Microsoft Windows Vista through SP1 and Server 2008 do not properly import the default IPsec policy from a Windows Server 2003 domain to a Windows Server 2008 domain, which prevents IPsec rules from being enforced and allows remote attackers to bypass intended access restrictions.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:C/I:N/A:N
microsoftCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 97%
VendorProductVersion
microsoftwindows_vista
*
microsoftwindows_vista
-
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://marc.info/?l=bugtraq&m=121915960406986&w=2
http://marc.info/?l=bugtraq&m=121915960406986&w=2
http://secunia.com/advisories/31411
http://www.securityfocus.com/bid/30634
http://www.securitytracker.com/id?1020678
http://www.us-cert.gov/cas/techalerts/TA08-225A.html
http://www.vupen.com/english/advisories/2008/2351
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-047
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6060
http://marc.info/?l=bugtraq&m=121915960406986&w=2
http://marc.info/?l=bugtraq&m=121915960406986&w=2
http://secunia.com/advisories/31411
http://www.securityfocus.com/bid/30634
http://www.securitytracker.com/id?1020678
http://www.us-cert.gov/cas/techalerts/TA08-225A.html
http://www.vupen.com/english/advisories/2008/2351
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-047
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6060