Microsoft Windows up to XP DirectAcccess Server input validation
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 6.2 | $0-$5k | 0.00 |
Summary
A vulnerability identified as critical has been detected in Microsoft Windows up to XP. This affects an unknown part of the component DirectAcccess Server. This manipulation causes input validation. This vulnerability is tracked as CVE-2013-3876. The attack is possible to be carried out remotely. No exploit exists. It is recommended to apply a patch to fix this issue.
Details
A vulnerability was found in Microsoft Windows up to XP (Operating System). It has been declared as critical. Affected by this vulnerability is some unknown functionality of the component DirectAcccess Server. The manipulation with an unknown input leads to a input validation vulnerability. The CWE definition for the vulnerability is CWE-20. The product receives input or data, but it does
not validate or incorrectly validates that the input has the
properties that are required to process the data safely and
correctly. As an impact it is known to affect confidentiality, and integrity. The summary by CVE is:
DirectAccess in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly verify server X.509 certificates, which allows man-in-the-middle attackers to spoof servers and read encrypted domain credentials via a crafted certificate.
The weakness was disclosed 11/12/2013 by Daniel Letkiewicz with Google as Vulnerability in DirectAccess Could Allow Security Feature Bypass as confirmed bulletin (Technet). It is possible to read the advisory at technet.microsoft.com. The public release has been coordinated in cooperation with Microsoft. This vulnerability is known as CVE-2013-3876 since 06/03/2013. The attack can be launched remotely. The exploitation doesn't need any form of authentication. The technical details are unknown and an exploit is not publicly available. The pricing for an exploit might be around USD $0-$5k at the moment (estimation calculated on 12/25/2024).
The vulnerability scanner Nessus provides a plugin with the ID 70855 (MS KB2862152: Vulnerability in DirectAccess Could Allow Security Feature Bypass), which helps to determine the existence of the flaw in a target environment. It is assigned to the family Windows. The commercial vulnerability scanner Qualys is able to test this issue with plugin 90928 (Microsoft Windows DirectAccess Security Bypass Vulnerability (KB2862152)).
Applying the patch Vulnerability in DirectAccess Could Allow Security Feature Bypass is able to eliminate this problem. The bugfix is ready for download at technet.microsoft.com. A possible mitigation has been published immediately after the disclosure of the vulnerability.
The vulnerability is also documented in the databases at Tenable (70855), SecurityFocus (BID 63666†), OSVDB (99692†) and Vulnerability Center (SBV-42303†). Be aware that VulDB is the high quality source for vulnerability data.
Affected
- Windows XP SP3
- Windows Vista SP1
- Windows Vista SP2
- Windows Server 2008 SP2
- Windows 7 SP1
- Windows Server 2003 SP2
- Windows Server 2008 R2 SP1
- Windows 8 SP0
- Windows Server 2012 SP0
- Windows RT SP0
- Windows XP Professional 64-bit Edition SP2
- Windows Server 2012 R2 SP0
- Windows 8.1 SP0
- Windows RT 8.1 SP0
Product
Type
Vendor
Name
Version
License
Website
- Vendor: https://www.microsoft.com/
- Product: https://www.microsoft.com/en-us/windows
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 6.5VulDB Meta Temp Score: 6.2
VulDB Base Score: 6.5
VulDB Temp Score: 6.2
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Input validationCWE: CWE-20
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 70855
Nessus Name: MS KB2862152: Vulnerability in DirectAccess Could Allow Security Feature Bypass
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
Qualys ID: 🔍
Qualys Name: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: PatchStatus: 🔍
Reaction Time: 🔍
0-Day Time: 🔍
Exposure Time: 🔍
Patch: Vulnerability in DirectAccess Could Allow Security Feature Bypass
Timeline
06/03/2013 🔍11/12/2013 🔍
11/12/2013 🔍
11/12/2013 🔍
11/13/2013 🔍
11/13/2013 🔍
11/15/2013 🔍
11/17/2013 🔍
12/25/2024 🔍
Sources
Vendor: microsoft.comProduct: microsoft.com
Advisory: Vulnerability in DirectAccess Could Allow Security Feature Bypass
Researcher: Daniel Letkiewicz
Organization: Google
Status: Confirmed
Confirmation: 🔍
Coordinated: 🔍
CVE: CVE-2013-3876 (🔍)
GCVE (CVE): GCVE-0-2013-3876
GCVE (VulDB): GCVE-100-11167
OVAL: 🔍
SecurityFocus: 63666
OSVDB: 99692 - Microsoft Windows DirectAccess Server Spoofing Weakness
Vulnerability Center: 42303 - Microsoft Windows Remote Security Bypass Vulnerability Leading to Information Disclosure (CVE-2013-3876), Medium
scip Labs: https://www.scip.ch/en/?labs.20140213
Entry
Created: 11/15/2013 15:53Updated: 12/25/2024 21:59
Changes: 11/15/2013 15:53 (51), 04/07/2017 12:39 (17), 06/02/2021 08:59 (2), 06/02/2021 09:03 (7), 06/02/2021 09:05 (1), 12/25/2024 21:59 (16)
Complete: 🔍
Committer:
Cache ID: 216::103
Be aware that VulDB is the high quality source for vulnerability data.
No comments yet. Languages: en.
Please log in to comment.