CVE-2001-1452 — Origin Validation Error in Microsoft Windows NT

CWE-346 — Origin Validation Error3 documents3 sources

Severity

7.5HIGHNVD

EPSS

4.0%

top 11.50%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Windows NT

Timeline

PublishedAug 31

Latest updateApr 30

Description

By default, DNS servers on Windows NT 4.0 and Windows 2000 Server cache glue records received from non-delegated name servers, which allows remote attackers to poison the DNS cache via spoofed DNS responses.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

▶NVDmicrosoft/windows_nt4.0

Patches

Patch: support.microsoft.com ↗Patch: support.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-h6vw-m287-cx84: By default, DNS servers on Windows NT 4↗2022-04-30

▶

CVEList

CVE-2001-1452: By default, DNS servers on Windows NT 4↗2005-04-21

▶