This script is Copyright (C) 2012-2024 and is owned by Tenable, Inc. or an Affiliate thereof.FOREFRONT_UAG_MS12-026.NBINMS12-026: Vulnerabilities in Forefront Unified Access Gateway (UAG) Could Allow Information Disclosure (2663860) (uncredentialed check)
5.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
0.031 Low
EPSS
Percentile
91.1%
The version of Forefront Unified Access Gateway (UAG) running on the remote host has multiple vulnerabilities :
-
A spoofing vulnerability exists that could allow an attacker to redirect a victim to a malicious website.
An attacker would have to trick the victim into clicking a specially crafted link in order to trigger the vulnerability. (CVE-2012-0146) -
A flaw exists that could allow an unauthenticated user to access the default website of the UAG server from the external network. (CVE-2012-0147)
Binary data forefront_uag_ms12-026.nbin| Vendor | Product | Version | CPE |
|---|---|---|---|
| microsoft | forefront_unified_access_gateway | cpe:/a:microsoft:forefront_unified_access_gateway | |
| microsoft | windows | cpe:/o:microsoft:windows |
Related
5.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
0.031 Low
EPSS
Percentile
91.1%