Lucene search

[email protected]CVE-2013-4217

HistoryAug 25, 2013 - 3:27 a.m.

CVE-2013-4217

2013-08-2503:27:32

CWE-310

[email protected]

web.nvd.nist.gov

cve-2013-4217

osal_crypt_setencryptedpassword

infrastack

osdependent

linux

wimax

intel

network service

wireless wimax connection 2400

sensitive information

log file

local users

password security

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

6.1 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

The OSAL_Crypt_SetEncryptedPassword function in InfraStack/OSDependent/Linux/OSAL/Services/wimax_osal_crypt_services.c in the OSAL crypt module in the Intel WiMAX Network Service through 1.5.2 for Intel Wireless WiMAX Connection 2400 devices logs a cleartext password during certain attempts to set a password, which allows local users to obtain sensitive information by reading a log file.

Affected configurations

NVD

Node

intelwimax_network_serviceRange≤1.5.2

intelwimax_network_serviceMatch1.5.0

CPENameOperatorVersion
intel:wimax_network_serviceintel wimax network servicele1.5.2
intel:wimax_network_serviceintel wimax network serviceeq1.5.0

CPE	Name	Operator	Version
intel:wimax_network_service	intel wimax network service	le	1.5.2
intel:wimax_network_service	intel wimax network service	eq	1.5.0

References

www.openwall.com/lists/oss-security/2013/08/08/17

bugzilla.redhat.com/show_bug.cgi?id=911121

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

6.1 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2013-4217

cvelist1 nvd1 prion1