2.6 Low
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:H/Au:N/C:P/I:N/A:N
5.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
0.07 Low
EPSS
Percentile
94.0%
Windows Phone 7 does not check CN (Common Name) of server certificates when receiving or sending e-mails using POP3/IMAP/SMTP servers using SSL.
Windows Phone 7 fails to check the CN (Common Name) of server certificates when receiving or sending e-mails using POP3/IMAP/SMTP servers using SSL allowing an attacker to perform a man-in-the-middle attack between the phone and the mail server.
A remote attacker with the ability to pose as a man-in-the-middle may be able to view the login or session data in the corresponding protocol (e.g., SMTP, POP3, etc.).
Microsoft has acknowledged this vulnerability and stated that they will be releasing an update.
389795
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Notified: June 19, 2012 Updated: September 10, 2012
Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Group | Score | Vector |
---|---|---|
Base | 5.4 | AV:N/AC:H/Au:N/C:C/I:N/A:N |
Temporal | 4.4 | E:POC/RL:U/RC:UC |
Environmental | 4.6 | CDP:LM/TD:M/CR:ND/IR:ND/AR:ND |
<http://www.microsoft.com/windowsphone/en-us/default.aspx>
Thanks to the reporter that wishes to remain anonymous.
This document was written by Michael Orlando.
CVE IDs: | CVE-2012-2993 |
---|---|
Date Public: | 2012-09-17 Date First Published: |
2.6 Low
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:H/Au:N/C:P/I:N/A:N
5.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
0.07 Low
EPSS
Percentile
94.0%