Описание
Microsoft Host Integration Server (HIS) 2000, 2004, and 2006 does not limit RPC access to administrative functions, which allows remote attackers to bypass authentication and execute arbitrary programs via a crafted SNA RPC message using opcode 1 or 6 to call the CreateProcess function, aka "HIS Command Execution Vulnerability."
Ссылки
- PatchVendor Advisory
- ExploitPatch
- US Government Resource
- PatchVendor Advisory
- ExploitPatch
- US Government Resource
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:microsoft:host_integration_server_2000:*:*:*:*:client:*:*:*
cpe:2.3:a:microsoft:host_integration_server_2000:*:sp2:*:*:server:*:*:*
cpe:2.3:a:microsoft:host_integration_server_2004:*:*:*:*:client:*:*:*
cpe:2.3:a:microsoft:host_integration_server_2004:*:*:*:*:server:*:*:*
cpe:2.3:a:microsoft:host_integration_server_2004:*:sp1:*:*:server:*:*:*
cpe:2.3:a:microsoft:host_integration_server_2006:*:*:*:*:*:*:x64:*
cpe:2.3:a:microsoft:host_integration_server_2006:*:*:*:*:*:*:x86:*
EPSS
Процентиль: 99%
0.8472
Высокий
10 Critical
CVSS2
Дефекты
CWE-287
Связанные уязвимости
github
больше 3 лет назад
Microsoft Host Integration Server (HIS) 2000, 2004, and 2006 does not limit RPC access to administrative functions, which allows remote attackers to bypass authentication and execute arbitrary programs via a crafted SNA RPC message using opcode 1 or 6 to call the CreateProcess function, aka "HIS Command Execution Vulnerability."
EPSS
Процентиль: 99%
0.8472
Высокий
10 Critical
CVSS2
Дефекты
CWE-287