Lucene search

[email protected]CVE-2012-2287

HistorySep 25, 2012 - 11:07 a.m.

CVE-2012-2287

2012-09-2511:07:00

CWE-287

[email protected]

web.nvd.nist.gov

emc

rsa

authentication

agent

client

windows xp

windows server 2003

vulnerability

cve-2012-2287

nvd

6.7 Medium

AI Score

Confidence

Low

8.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:C/I:C/A:C

0.004 Low

EPSS

Percentile

71.7%

JSON

The authentication functionality in EMC RSA Authentication Agent 7.1 and RSA Authentication Client 3.5 on Windows XP and Windows Server 2003, when an unspecified configuration exists, allows remote authenticated users to bypass an intended token-authentication step, and establish a login session to a remote host, by leveraging Windows credentials for that host.

CPENameOperatorVersion
emc:rsa_authentication_agentemc rsa authentication agenteq7.1
emc:rsa_authentication_clientemc rsa authentication clienteq3.5

CPE	Name	Operator	Version
emc:rsa_authentication_agent	emc rsa authentication agent	eq	7.1
emc:rsa_authentication_client	emc rsa authentication client	eq	3.5

References

archives.neohapsis.com/archives/bugtraq/2012-09/0102.html

www.securityfocus.com/bid/55662

exchange.xforce.ibmcloud.com/vulnerabilities/78802

6.7 Medium

AI Score

Confidence

Low

8.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:C/I:C/A:C

0.004 Low

EPSS

Percentile

71.7%

JSON

Related for CVE-2012-2287

securityvulns2 prion1 nessus1 openvas1