Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2000-0100 — Microsoft Systems Management Server vulnerability

4 documents4 sources

Severity

7.2HIGHNVD

EPSS

1.0%

top 22.57%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Microsoft Systems Management Server

Timeline

PublishedDec 29

Latest updateApr 30

Description

The SMS Remote Control program is installed with insecure permissions, which allows local users to gain privileges by modifying or replacing the program.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages1 packages

▶NVDmicrosoft/systems_management_server2.0

🔴Vulnerability Details

GHSA

GHSA-693g-pv65-m2gh: The SMS Remote Control program is installed with insecure permissions, which allows local users to gain privileges by modifying or replacing the progr↗2022-04-30

▶

CVEList

CVE-2000-0100: The SMS Remote Control program is installed with insecure permissions, which allows local users to gain privileges by modifying or replacing the progr↗2000-04-18

▶

💥Exploits & PoCs

Exploit-DB

Microsoft Systems Management Server 2.0 - Default Permissions↗1999-12-29

▶