CVE-2014-0317

EPSS 12.47%
Published 12.03.2014 05:15:19
Last modified 12.04.2025 10:46:40
Source secure@microsoft.com
Teams watchlist Login
Open Login

The Security Account Manager Remote (SAMR) protocol implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows Server 2012 Gold and R2 does not properly determine the user-lockout state, which makes it easier for remote attackers to bypass the account lockout policy and obtain access via a brute-force attack, aka "SAMR Security Feature Bypass Vulnerability."

Affected products Warnungen 0 Metrics 2 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Microsoft ≫ Windows Server 2003 Updatesp2

Microsoft ≫ Windows Server 2008 Updatesp2 Editionx64

Microsoft ≫ Windows Server 2008 Updatesp2 Editionx86

Microsoft ≫ Windows Server 2012 Version-

Microsoft ≫ Windows Server 2012 Versionr2 SwEditiondatacenter

Microsoft ≫ Windows Server 2012 Versionr2 SwEditionessentials

Microsoft ≫ Windows Server 2012 Versionr2 SwEditionstandard

Microsoft ≫ Windows Vista Updatesp2

Microsoft ≫ Windows Xp Updatesp3

Microsoft ≫ Windows Xp Version- Updatesp2 Editionx64

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	12.47%	0.937

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.4	4.9	6.9	AV:N/AC:H/Au:N/C:N/I:C/A:N

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-016

https://nvd.nist.gov/vuln/detail/CVE-2014-0317

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2014-0317

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2014-0317

EUVD