CVE-2008-2246

CWE-200 — Information Exposure3 documents3 sources

Severity

7.8HIGH

EPSS

53.6%

top 2.01%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Windows-nt

Timeline

PublishedAug 13

Latest updateMay 1

Description

Microsoft Windows Vista through SP1 and Server 2008 do not properly import the default IPsec policy from a Windows Server 2003 domain to a Windows Server 2008 domain, which prevents IPsec rules from being enforced and allows remote attackers to bypass intended access restrictions.

CVSS vector

AV:N/AC:L/C:C/I:N/A:NExploitability: 10.0 | Impact: 6.9

Affected Packages1 packages

▶NVDmicrosoft/windows-nt2008

Patches

Patch: secunia.com ↗Patch: www.securityfocus.com ↗Patch: secunia.com ↗

🔴Vulnerability Details

GHSA

GHSA-gr59-3xq7-cc69: Microsoft Windows Vista through SP1 and Server 2008 do not properly import the default IPsec policy from a Windows Server 2003 domain to a Windows Ser↗2022-05-01

▶

CVEList

CVE-2008-2246: Microsoft Windows Vista through SP1 and Server 2008 do not properly import the default IPsec policy from a Windows Server 2003 domain to a Windows Ser↗2008-08-13

▶