CVE-2010-4562 - Vulnerability Details - OpenCVE

Microsoft Windows 2008, 7, Vista, 2003, 2000, and XP, when using IPv6, allows remote attackers to determine whether a host is sniffing the network by sending an ICMPv6 Echo Request to a multicast address and determining whether an Echo Reply is sent, as demonstrated by thcping. NOTE: due to a typo, some sources map CVE-2010-4562 to a ProFTPd mod_sql vulnerability, but that issue is covered by CVE-2010-4652.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Microsoft	Windows 2000 Windows 2003 Server Windows 7 Windows Server 2008 Windows Vista Windows Xp

Configuration 1 [-]

OR	cpe:2.3:o:microsoft:windows_2000::::::::
	cpe:2.3:o:microsoft:windows_2003_server::::::::
	cpe:2.3:o:microsoft:windows_7::::::::
	cpe:2.3:o:microsoft:windows_server_2008:-:::::::*
	cpe:2.3:o:microsoft:windows_vista::::::::
	cpe:2.3:o:microsoft:windows_xp::::::::

No data.

References

Link	Providers
http://seclists.org/dailydave/2011/q2/25
http://seclists.org/fulldisclosure/2011/Apr/254

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2012-02-02T17:00:00Z

Updated: 2024-09-17T03:12:24.022Z

Reserved: 2010-12-20T00:00:00Z

Link: CVE-2010-4562

Vulnrichment

No data.

NVD

Status : Modified

Published: 2012-02-02T17:55:00.800

Modified: 2024-11-21T01:21:12.847

Link: CVE-2010-4562

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Microsoft Windows 2008, 7, Vista, 2003, 2000, and XP, when using IPv6, allows remote attackers to determine whether a host is sniffing the network by sending an ICMPv6 Echo Request to a multicast address and determining whether an Echo Reply is sent, as demonstrated by thcping. NOTE: due to a typo, some sources map CVE-2010-4562 to a ProFTPd mod_sql vulnerability, but that issue is covered by CVE-2010-4652."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2012-02-02T17:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20110415 Another Microsoft (and other) IPv6 security issue: sniffer detection", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2011/Apr/254"}, {"name": "[dailydave] 20110415 Another Microsoft (and other) IPv6 security issue: sniffer detection", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://seclists.org/dailydave/2011/q2/25"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-4562", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Microsoft Windows 2008, 7, Vista, 2003, 2000, and XP, when using IPv6, allows remote attackers to determine whether a host is sniffing the network by sending an ICMPv6 Echo Request to a multicast address and determining whether an Echo Reply is sent, as demonstrated by thcping. NOTE: due to a typo, some sources map CVE-2010-4562 to a ProFTPd mod_sql vulnerability, but that issue is covered by CVE-2010-4652."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20110415 Another Microsoft (and other) IPv6 security issue: sniffer detection", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2011/Apr/254"}, {"name": "[dailydave] 20110415 Another Microsoft (and other) IPv6 security issue: sniffer detection", "refsource": "MLIST", "url": "http://seclists.org/dailydave/2011/q2/25"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T03:51:17.355Z"}, "title": "CVE Program Container", "references": [{"name": "20110415 Another Microsoft (and other) IPv6 security issue: sniffer detection", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2011/Apr/254"}, {"name": "[dailydave] 20110415 Another Microsoft (and other) IPv6 security issue: sniffer detection", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://seclists.org/dailydave/2011/q2/25"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-4562", "datePublished": "2012-02-02T17:00:00Z", "dateReserved": "2010-12-20T00:00:00Z", "dateUpdated": "2024-09-17T03:12:24.022Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*", "matchCriteriaId": "4E545C63-FE9C-4CA1-AF0F-D999D84D2AFD", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "60EC86B8-5C8C-4873-B364-FB1F8EFE1CFF", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_7:*:*:*:*:*:*:*:*", "matchCriteriaId": "D56B932B-9593-44E2-B610-E4EB2143EB21", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:*:*:*:*:*:*:*", "matchCriteriaId": "32623D48-7000-4C7D-823F-7D2A9841D88C", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*", "matchCriteriaId": "3852BB02-47A1-40B3-8E32-8D8891A53114", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:*:*:*:*:*:*", "matchCriteriaId": "E61F1C9B-44AF-4B35-A7B2-948EEF7639BD", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Microsoft Windows 2008, 7, Vista, 2003, 2000, and XP, when using IPv6, allows remote attackers to determine whether a host is sniffing the network by sending an ICMPv6 Echo Request to a multicast address and determining whether an Echo Reply is sent, as demonstrated by thcping. NOTE: due to a typo, some sources map CVE-2010-4562 to a ProFTPd mod_sql vulnerability, but that issue is covered by CVE-2010-4652."}, {"lang": "es", "value": "Microsoft Windows 2008, 7, Vista, 2003, 2000 y XP, cuando se utiliza IPv6, permite a atacantes remotos determinar si un host est\u00e1 interceptando el tr\u00e1fico de red mediante el env\u00edo de una solicitud de eco ICMPv6 (ICMPv6 Echo Request) a una direcci\u00f3n multicast y determinando si se env\u00eda una respuesta de eco, como lo demuestra la aplicaci\u00f3n thcping. NOTA: debido a un error tipogr\u00e1fico, algunas fuentes apuntan el CVE-2010-4562 a una vulnerabilidad mod_sql de ProFTPd, pero el problema est\u00e1 explicado en CVE-2010-4652."}], "id": "CVE-2010-4562", "lastModified": "2024-11-21T01:21:12.847", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2012-02-02T17:55:00.800", "references": [{"source": "cve@mitre.org", "url": "http://seclists.org/dailydave/2011/q2/25"}, {"source": "cve@mitre.org", "url": "http://seclists.org/fulldisclosure/2011/Apr/254"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/dailydave/2011/q2/25"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/fulldisclosure/2011/Apr/254"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}