CVE-2012-4716

{"id": "CVE-2012-4716", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 8.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:N", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 9.2, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2015-06-13T18:59:00.077", "references": [{"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-160-01", "tags": ["Third Party Advisory", "US Government Resource"], "source": "ics-cert@hq.dhs.gov"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-310"}]}], "descriptions": [{"lang": "en", "value": "N-Tron 702-W Industrial Wireless Access Point devices use the same (1) SSH and (2) HTTPS private keys across different customers' installations, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of a key."}, {"lang": "es", "value": "Los dispositivos N-Tron 702-W Industrial Wireless Access Point utilizan las mismas claves privadas (1) SSH y (2) HTTPS en las instalaciones de clientes diferentes, lo que facilita a atacantes remotos derrotar los mecanismos de protecci\u00f3n criptogr\u00e1ficos mediante el aprovechamiento de conocimiento de una clave."}], "lastModified": "2015-06-16T13:28:51.497", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:n-tron:702w_industrial_wireless_access_point:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EBAEC569-6282-47FD-96E3-CD84A88C551A"}], "operator": "OR"}]}], "sourceIdentifier": "ics-cert@hq.dhs.gov"}