8.5

CVE-2012-2287

EPSS 0.24%
Published 25.09.2012 11:07:46
Last modified 11.04.2025 00:51:21
Source security_alert@emc.com
Teams watchlist Login
Open Login

The authentication functionality in EMC RSA Authentication Agent 7.1 and RSA Authentication Client 3.5 on Windows XP and Windows Server 2003, when an unspecified configuration exists, allows remote authenticated users to bypass an intended token-authentication step, and establish a login session to a remote host, by leveraging Windows credentials for that host.

Affected products Warnungen 0 Metrics 2 CWE 1 References 6

Data is provided by the National Vulnerability Database (NVD)

Emc ≫ Rsa Authentication Agent Version7.1

Microsoft ≫ Windows Server 2003
Microsoft ≫ Windows Xp Version-

Emc ≫ Rsa Authentication Client Version3.5

Microsoft ≫ Windows Server 2003
Microsoft ≫ Windows Xp Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.24%	0.475

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.5	6.8	10	AV:N/AC:M/Au:S/C:C/I:C/A:C

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

http://archives.neohapsis.com/archives/bugtraq/2012-09/0102.html

Vendor Advisory

http://www.securityfocus.com/bid/55662

https://exchange.xforce.ibmcloud.com/vulnerabilities/78802

https://nvd.nist.gov/vuln/detail/CVE-2012-2287

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2012-2287

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2012-2287

EUVD