6.8

CVE-2012-3523

The STARTTLS implementation in nnrpd in INN before 2.5.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
IscInn Version <= 2.5.2
IscInn Version1.4
IscInn Version1.4sec
IscInn Version1.4sec2
IscInn Version1.4unoff3
IscInn Version1.4unoff4
IscInn Version1.5
IscInn Version1.5.1
IscInn Version1.7
IscInn Version1.7.2
IscInn Version2.0
IscInn Version2.1
IscInn Version2.2
IscInn Version2.2.1
IscInn Version2.2.2
IscInn Version2.2.3
IscInn Version2.4.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 18.81% 0.947
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P