Lucene search

[email protected]NVD:CVE-2012-4694

HistoryFeb 15, 2013 - 12:09 p.m.

CVE-2012-4694

2013-02-1512:09:27

CWE-310

[email protected]

web.nvd.nist.gov

7.6 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

6.5 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

45.8%

JSON

Moxa EDR-G903 series routers with firmware before 2.11 do not use a sufficient source of entropy for (1) SSH and (2) SSL keys, which makes it easier for man-in-the-middle attackers to spoof a device or modify a client-server data stream by leveraging knowledge of a key from a product installation elsewhere.

Affected configurations

NVD

Node

moxaedr_g903_firmwareRange≤2.2

moxaedr_g903_firmwareMatch1.0

moxaedr_g903_firmwareMatch2.0

moxaedr_g903_firmwareMatch2.1

AND

moxaedr-g903Match-

References

ics-cert.us-cert.gov/pdf/ICSA-13-042-01.pdf

www.moxa.com/support/download.aspx?type=support&id=492

7.6 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

6.5 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

45.8%

JSON

Related for NVD:CVE-2012-4694

prion1 cvelist1 cve1 ics1