Lucene search

[email protected]NVD:CVE-2012-4898

HistoryDec 18, 2012 - 12:30 p.m.

CVE-2012-4898

2012-12-1812:30:05

CWE-310

[email protected]

web.nvd.nist.gov

6.1 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:C/I:P/A:N

6.4 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

43.5%

JSON

Mesh OS before 7.9.1.1 on Tropos wireless mesh routers does not use a sufficient source of entropy for SSH keys, which makes it easier for man-in-the-middle attackers to spoof a device or modify a client-server data stream by leveraging knowledge of a key from a product installation elsewhere.

Affected configurations

NVD

Node

troposmesh_osRange≤7.9.1

AND

tropos1310_distrubution_automation_mesh_routerMatch-

tropos1410_mesh_routerMatch-

tropos1410_wireless_mesh_routerMatch-

tropos3310_indoor_mesh_routerMatch-

tropos3320_indoor_mesh_routerMatch-

tropos4310_mobile_mesh_routerMatch-

tropos6310_mesh_routerMatch-

tropos6320_mesh_routerMatch-

References

www.us-cert.gov/control_systems/pdf/ICSA-12-297-01.pdf

6.1 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:C/I:P/A:N

6.4 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

43.5%

JSON

Related for NVD:CVE-2012-4898

prion1 ics1 cve1 cvelist1