Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 4.4
CVE Id: CVE-2012-3018
Last Modified: 31 Jul 2012 12:00:00
Published: 31 Jul 2012 06:45:42
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: LOCAL
Access Complexity: MEDIUM
Authentication: NONE

CVE-2012-3018

Summary

The lockout-recovery feature in the Security Configurator component in ICONICS GENESIS32 9.22 and earlier and BizViz 9.22 and earlier uses an improper encryption algorithm for generation of an authentication code, which allows local users to bypass intended access restrictions and obtain administrative access by predicting a challenge response.

Vulnerable Systems

Application

  • Iconics Bizviz 8.05

  • Iconics Bizviz 9.0

  • Iconics Bizviz 9.01

  • Iconics Bizviz 9.1

  • Iconics Bizviz 9.13

  • Iconics Bizviz 9.2

  • Iconics Bizviz 9.20

  • Iconics Bizviz 9.21

  • Iconics Bizviz 9.22

  • Iconics Genesis32 8.05

  • Iconics Genesis32 9.0

  • Iconics Genesis32 9.01

  • Iconics Genesis32 9.1

  • Iconics Genesis32 9.13

  • Iconics Genesis32 9.2

  • Iconics Genesis32 9.20

  • Iconics Genesis32 9.21

  • Iconics Genesis32 9.22


References

MISC - http://www.us-cert.gov/control_systems/pdf/ICSA-12-212-01.pdf


Last Updated: 27 May 2016 10:55:01