Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-4694

Overview

Vulnerability Score 7.6 7.6
CVE Id CVE-2012-4694
Last Modified 15 Feb 2013 12:00:00
Published 15 Feb 2013 07:09:27
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2012-4694

Summary

Moxa EDR-G903 series routers with firmware before 2.11 do not use a sufficient source of entropy for (1) SSH and (2) SSL keys, which makes it easier for man-in-the-middle attackers to spoof a device or modify a client-server data stream by leveraging knowledge of a key from a product installation elsewhere.

Vulnerable Systems

Application

  • Moxa Edr G903 Firmware 1.0

  • Moxa Edr G903 Firmware 2.0

  • Moxa Edr G903 Firmware 2.1

  • Moxa Edr G903 Firmware 2.2


References

MISC - http://ics-cert.us-cert.gov/pdf/ICSA-13-042-01.pdf

CONFIRM - http://www.moxa.com/support/download.aspx?type=support&id=492


Last Updated: 27 May 2016 10:58:34