CVE-2009-3675

CWE-3993 documents3 sources

Severity

6.8MEDIUM

EPSS

45.4%

top 2.39%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Windows 2000

Timeline

PublishedDec 9

Latest updateMay 2

Description

LSASS.exe in the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote authenticated users to cause a denial of service (CPU consumption) via a malformed ISAKMP request over IPsec, aka "Local Security Authority Subsystem Service Resource Exhaustion Vulnerability."

CVSS vector

AV:N/AC:L/C:N/I:N/A:CExploitability: 8.0 | Impact: 6.9

Affected Packages1 packages

▶NVDmicrosoft/windows_2000sp4

🔴Vulnerability Details

GHSA

GHSA-3v2j-hm2p-q5qg: LSASS↗2022-05-02

▶

CVEList

CVE-2009-3675: LSASS↗2009-12-09

▶