The Telnet client for Microsoft Windows XP, Windows Server 2003, and Windows Services for UNIX allows remote attackers to read sensitive environment variables via the NEW-ENVIRON option with a SEND ENV_USERVAR command.

Threat-Mapped Scoring

Score: 0.0

Priority: Unclassified

EPSS

Score: 0.4124
Percentile: 0.97251

CVSS Scoring

Affected Products

• cpe:2.3:o:microsoft:windows_2003_server:enterprise:*:64-bit:*:*:*:*:*
• cpe:2.3:o:microsoft:windows_2003_server:r2:*:64-bit:*:*:*:*:*
• cpe:2.3:o:microsoft:windows_2003_server:standard:*:64-bit:*:*:*:*:*
• cpe:2.3:o:microsoft:windows_2003_server:web:*:*:*:*:*:*:*

← Back to Home