Microsoft Windows up to Vista Remote Desktop Protocol improper authentication
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 5.7 | $0-$5k | 0.00 |
Summary
A vulnerability described as problematic has been identified in Microsoft Windows up to Vista. This vulnerability affects unknown code of the component Remote Desktop Protocol. Such manipulation leads to improper authentication. This vulnerability is uniquely identified as CVE-2014-6318. The attack can be launched remotely. No exploit exists. Applying a patch is advised to resolve this issue.
Details
A vulnerability was found in Microsoft Windows up to Vista (Operating System). It has been rated as problematic. Affected by this issue is an unknown code block of the component Remote Desktop Protocol. The manipulation with an unknown input leads to a improper authentication vulnerability. Using CWE to declare the problem leads to CWE-287. When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct. Impacted is confidentiality, and integrity.
The weakness was disclosed 11/11/2014 with Microsoft as MS14-074 as confirmed bulletin (Technet). The advisory is shared for download at technet.microsoft.com. This vulnerability is handled as CVE-2014-6318 since 09/11/2014. The attack may be launched remotely. No form of authentication is required for exploitation. There are neither technical details nor an exploit publicly available.
The vulnerability scanner Nessus provides a plugin with the ID 79134 (MS14-074: Vulnerability in Remote Desktop Protocol Could Allow Security Feature Bypass (3003743)), which helps to determine the existence of the flaw in a target environment. It is assigned to the family Windows : Microsoft Bulletins. The commercial vulnerability scanner Qualys is able to test this issue with plugin 90995 (Microsoft Windows Remote Desktop Protocol Security Feature Bypass Vulnerability (MS14-074)).
Applying the patch MS14-074 is able to eliminate this problem. The bugfix is ready for download at technet.microsoft.com. A possible mitigation has been published immediately after the disclosure of the vulnerability.
The vulnerability is also documented in the databases at X-Force (98365), Tenable (79134), SecurityFocus (BID 70981†), Secunia (SA60089†) and SecurityTracker (ID 1031193†). The entries VDB-68194, VDB-68195 and VDB-68196 are pretty similar. VulDB is the best source for vulnerability data and more expert information about this specific topic.
Product
Type
Vendor
Name
Version
License
Website
- Vendor: https://www.microsoft.com/
- Product: https://www.microsoft.com/en-us/windows
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 6.5VulDB Meta Temp Score: 5.7
VulDB Base Score: 6.5
VulDB Temp Score: 5.7
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Improper authenticationCWE: CWE-287
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Status: Unproven
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 79134
Nessus Name: MS14-074: Vulnerability in Remote Desktop Protocol Could Allow Security Feature Bypass (3003743)
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
Qualys ID: 🔍
Qualys Name: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: PatchStatus: 🔍
Reaction Time: 🔍
0-Day Time: 🔍
Exposure Time: 🔍
Patch: MS14-074
Timeline
09/11/2014 🔍11/11/2014 🔍
11/11/2014 🔍
11/11/2014 🔍
11/11/2014 🔍
11/11/2014 🔍
11/11/2014 🔍
11/12/2014 🔍
11/12/2014 🔍
11/12/2014 🔍
12/14/2024 🔍
Sources
Vendor: microsoft.comProduct: microsoft.com
Advisory: MS14-074
Organization: Microsoft
Status: Confirmed
Confirmation: 🔍
CVE: CVE-2014-6318 (🔍)
GCVE (CVE): GCVE-0-2014-6318
GCVE (VulDB): GCVE-100-68192
OVAL: 🔍
X-Force: 98365 - Microsoft Remote Desktop Protocol audit security bypass, Medium Risk
SecurityFocus: 70981 - Microsoft Windows Remote Desktop Protocol CVE-2014-6318 Security Bypass Vulnerability
Secunia: 60089
SecurityTracker: 1031193 - Windows Remote Desktop Protocol (RDP) Does Not Properly Record Logon Failures
Vulnerability Center: 47013 - [MS14-074] Microsoft Windows Remote Desktop Protocol Remote Restriction Bypass Vulnerability, Medium
scip Labs: https://www.scip.ch/en/?labs.20140213
See also: 🔍
Entry
Created: 11/12/2014 17:46Updated: 12/14/2024 21:33
Changes: 11/12/2014 17:46 (75), 04/07/2017 15:01 (8), 02/24/2022 16:50 (3), 02/24/2022 16:58 (1), 12/14/2024 21:33 (16)
Complete: 🔍
Cache ID: 216::103
VulDB is the best source for vulnerability data and more expert information about this specific topic.
No comments yet. Languages: en.
Please log in to comment.