CVE-2012-4613

EMC RSA Data Protection Manager Appliance 2.7.x and 3.x before 3.2.1 does not properly restrict the number of authentication attempts by a user account, which makes it easier for local users to bypass intended access restrictions via a brute-force attack.

CVSS v2.0 6.9 MEDIUM

6.9^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 3.4 / Impact : 10.0

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://archives.neohapsis.com/archives/bugtraq/2012-11/0050.html
http://www.securityfocus.com/bid/56508

Configurations

Configuration 1 (hide)

OR	cpe:2.3:h:emc:rsa_data_protection_manager_appliance:2.7.0:::::::*
	cpe:2.3:h:emc:rsa_data_protection_manager_appliance:3.0:::::::*
	cpe:2.3:h:emc:rsa_data_protection_manager_appliance:3.1:::::::*
	cpe:2.3:h:emc:rsa_data_protection_manager_appliance:3.2:::::::*

History

No history.

Information

Published : 2012-11-16 00:55

Updated : 2024-02-04 18:16

NVD link : CVE-2012-4613

Mitre link : CVE-2012-4613

CVE.ORG link : CVE-2012-4613

JSON object : View

Products Affected

emc

rsa_data_protection_manager_appliance

CWE

CWE-287

Improper Authentication

{"id": "CVE-2012-4613", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.9, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2012-11-16T00:55:01.180", "references": [{"url": "http://archives.neohapsis.com/archives/bugtraq/2012-11/0050.html", "source": "security_alert@emc.com"}, {"url": "http://www.securityfocus.com/bid/56508", "source": "security_alert@emc.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "EMC RSA Data Protection Manager Appliance 2.7.x and 3.x before 3.2.1 does not properly restrict the number of authentication attempts by a user account, which makes it easier for local users to bypass intended access restrictions via a brute-force attack."}, {"lang": "es", "value": "EMC RSA Data Protection Manager Appliance v3.x y v2.7.x antes de v3.2.1 no restringe correctamente el n\u00famero de intentos de autenticaci\u00f3n de una cuenta de usuario, lo que hace que sea m\u00e1s f\u00e1cil para los usuarios locales eludir restricciones de acceso por medio de un ataque de fuerza bruta.\r\n"}], "lastModified": "2013-02-26T04:50:33.690", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:emc:rsa_data_protection_manager_appliance:2.7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A4E90B05-EA3A-47B7-BF98-27DEC19740D8"}, {"criteria": "cpe:2.3:h:emc:rsa_data_protection_manager_appliance:3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "24990883-A014-4E93-90A1-A36A52ACD967"}, {"criteria": "cpe:2.3:h:emc:rsa_data_protection_manager_appliance:3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FC03AD04-84EE-4FD1-A85F-FBC346364D36"}, {"criteria": "cpe:2.3:h:emc:rsa_data_protection_manager_appliance:3.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1F178D3D-2CC7-4DAC-9059-53A472471954"}], "operator": "OR"}]}], "sourceIdentifier": "security_alert@emc.com"}