Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 7.1
CVE Id: CVE-2012-3006
Last Modified: 20 Jun 2012 12:00:00
Published: 19 Jun 2012 02:55:01
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: NETWORK
Access Complexity: HIGH
Authentication: SINGLE_INSTANCE

CVE-2012-3006

Summary

The Innominate mGuard Smart HW before HW-101130 and BD before BD-101030, mGuard industrial RS, mGuard delta HW before HW-103060 and BD before BD-211010, mGuard PCI, mGuard blade, and EAGLE mGuard appliances with software before 7.5.0 do not use a sufficient source of entropy for private keys, which makes it easier for man-in-the-middle attackers to spoof (1) HTTPS or (2) SSH servers by predicting a key value.

Vulnerable Systems

Application

  • Innominate Eagle Mguard Bd-301010

  • Innominate Eagle Mguard Hw-201000

  • Innominate Mguard Blade Hw-104020

  • Innominate Mguard Blade Hw-104050

  • Innominate Mguard Delta Bd-201000

  • Innominate Mguard Delta Hw-103050

  • Innominate Mguard Industrial Rs Bd-501000

  • Innominate Mguard Industrial Rs Bd-501010

  • Innominate Mguard Industrial Rs Bd-501020

  • Innominate Mguard Industrial Rs Hw-105000

  • Innominate Mguard Pci Bd-111010

  • Innominate Mguard Pci Bd-111020

  • Innominate Mguard Pci Hw-102020

  • Innominate Mguard Pci Hw-102050

  • Innominate Mguard Smart Bd-101010

  • Innominate Mguard Smart Bd-101020

  • Innominate Mguard Smart Hw-101020

  • Innominate Mguard Smart Hw-101050


References

MISC - https://freedom-to-tinker.com/blog/nadiah/new-research-theres-no-need-panic-over-factorable-keys-just-mind-your-ps-and-qs

MISC - http://www.us-cert.gov/control_systems/pdf/ICSA-12-167-01.pdf

CONFIRM - http://www.innominate.com/data/downloads/software/innominate_security_advisory_20120614_001.pdf


Last Updated: 27 May 2016 10:57:32