1. Home
  2. CVE Database
  3. CVE-2016-0050
MEDIUM · 5.3

CVE-2016-0050

Network Policy Server (NPS) in Microsoft Windows Server 2008 SP2 and R2 SP1 and Server 2012 Gold and R2 misparses username queries, which allows remote attackers to cause a denial of service (RADIUS a...

Vulnerability Description

Network Policy Server (NPS) in Microsoft Windows Server 2008 SP2 and R2 SP1 and Server 2012 Gold and R2 misparses username queries, which allows remote attackers to cause a denial of service (RADIUS authentication outage) via crafted requests, aka "Network Policy Server RADIUS Implementation Denial of Service Vulnerability."

CVSS Score

5.3

MEDIUM

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
NONE
Integrity
NONE
Availability
LOW

Affected Products

VendorProductVersions
MicrosoftWindows Server 2008-
MicrosoftWindows Server 2012-

Related Weaknesses (CWE)

CWE-20

References

FAQ

What is CVE-2016-0050?

CVE-2016-0050 is a vulnerability with a CVSS score of 5.3 (MEDIUM). Network Policy Server (NPS) in Microsoft Windows Server 2008 SP2 and R2 SP1 and Server 2012 Gold and R2 misparses username queries, which allows remote attackers to cause a denial of service (RADIUS a...

How severe is CVE-2016-0050?

CVE-2016-0050 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2016-0050?

Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Windows Server 2008, Microsoft Windows Server 2012.