IPsec Policy Import Flaw in Microsoft Windows Server 2008 and Vista
CVE-2008-2246

Currently unrated

Key Information:

Vendor: Microsoft
Status: Windows Vista; Windows-nt
Vendor: CVE Published:; 13 August 2008

What is CVE-2008-2246?

A vulnerability exists in Microsoft Windows Vista and Windows Server 2008 due to improper handling of the default IPsec policy import from a Windows Server 2003 domain. This flaw may allow remote attackers to bypass intended access restrictions, potentially compromising the security of the network. Organizations using these operating systems should be aware of this issue and consider reviewing their IPsec configuration settings to enhance their security posture.

References

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

http://www.us-cert.gov/cas/techalerts/TA08-225A.html

third-party-advisoryx_refsource_CERT

http://marc.info/?l=bugtraq&m=121915960406986&w=2

vendor-advisoryx_refsource_HP

EPSS Score

53% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 13, 2008
Vulnerability Reserved
May 16, 2008