Detections
Analytics
Microsoft Windows SMB Registry : NT RAS Administration Registry Key Permission Weakness Local Privilege Escalation
medium Nessus Plugin ID 10567
Synopsis
Local users can gain additional privileges.Description
This script checks whether the following key can be modified by non-admins :HKLM\Software\Microsoft\Windows\RAS
Write access to this key allows an unprivileged user to gain additional privileges.
Solution
Use regedt32 and set the permissions of this key to :- admin group : Full Control
- system : Full Control
- everyone : Read
See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2000/ms00-095
Plugin Details
Severity: Medium
ID: 10567
File Name: smb_reg_ras_access.nasl
Version: 1.39
Type: local
Agent: windows
Family: Windows
Published: 12/8/2000
Updated: 11/15/2018
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.7
CVSS v2
Risk Factor: Medium
Base Score: 4.6
Temporal Score: 3.4
Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P
Vulnerability Information
Required KB Items: SMB/name, SMB/login, SMB/password, SMB/registry_access, SMB/transport
Exploit Ease: No known exploits are available
Vulnerability Publication Date: 12/6/2000
Reference Information
CVE: CVE-2001-0045
BID: 2064
MSFT: MS00-095