Network Flooding Vulnerability in Microsoft NWLink's NMPI Listener
CVE-2000-0980

Currently unrated

Key Information:

Vendor: Microsoft
Status: Windows 98se; Windows 95; Windows Me; Windows 98
Vendor: CVE Published:; 19 December 2000

What is CVE-2000-0980?

The NMPI (Name Management Protocol on IPX) listener in Microsoft NWLink is susceptible to a vulnerability that fails to adequately filter packets originating from a broadcast address. This flaw can be exploited by remote attackers to generate a broadcast storm, effectively overwhelming the network and resulting in significant disruptions. Attackers can leverage this vulnerability to flood a network with excessive traffic, leading to degraded performance or complete service outages.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/5357

vdb-entryx_refsource_XF

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

http://www.securityfocus.com/bid/1781

vdb-entryx_refsource_BID

EPSS Score

7% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 19, 2000
Vulnerability Reserved
Nov 24, 2000