Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2012-3006

Опубликовано: 19 июн. 2012
Источник: nvd
CVSS2: 7.1
EPSS Низкий

Описание

The Innominate mGuard Smart HW before HW-101130 and BD before BD-101030, mGuard industrial RS, mGuard delta HW before HW-103060 and BD before BD-211010, mGuard PCI, mGuard blade, and EAGLE mGuard appliances with software before 7.5.0 do not use a sufficient source of entropy for private keys, which makes it easier for man-in-the-middle attackers to spoof (1) HTTPS or (2) SSH servers by predicting a key value.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:innominate:mguard_firmware:*:*:*:*:*:*:*:*
Версия до 7.5.0 (исключая)

Одно из

cpe:2.3:h:innominate:eagle_mguard_bd-301010:-:*:*:*:*:*:*:*
cpe:2.3:h:innominate:eagle_mguard_hw-201000:-:*:*:*:*:*:*:*
cpe:2.3:h:innominate:mguard_blade_hw-104020:-:*:*:*:*:*:*:*
cpe:2.3:h:innominate:mguard_blade_hw-104050:-:*:*:*:*:*:*:*
cpe:2.3:h:innominate:mguard_delta_bd-201000:-:*:*:*:*:*:*:*
cpe:2.3:h:innominate:mguard_delta_hw-103050:-:*:*:*:*:*:*:*
cpe:2.3:h:innominate:mguard_industrial_rs_bd-501000:-:*:*:*:*:*:*:*
cpe:2.3:h:innominate:mguard_industrial_rs_bd-501010:-:*:*:*:*:*:*:*
cpe:2.3:h:innominate:mguard_industrial_rs_bd-501020:-:*:*:*:*:*:*:*
cpe:2.3:h:innominate:mguard_industrial_rs_hw-105000:-:*:*:*:*:*:*:*
cpe:2.3:h:innominate:mguard_pci_bd-111010:-:*:*:*:*:*:*:*
cpe:2.3:h:innominate:mguard_pci_bd-111020:-:*:*:*:*:*:*:*
cpe:2.3:h:innominate:mguard_pci_hw-102020:-:*:*:*:*:*:*:*
cpe:2.3:h:innominate:mguard_pci_hw-102050:-:*:*:*:*:*:*:*
cpe:2.3:h:innominate:mguard_smart_bd-101010:-:*:*:*:*:*:*:*
cpe:2.3:h:innominate:mguard_smart_bd-101020:-:*:*:*:*:*:*:*
cpe:2.3:h:innominate:mguard_smart_hw-101020:-:*:*:*:*:*:*:*
cpe:2.3:h:innominate:mguard_smart_hw-101050:-:*:*:*:*:*:*:*

EPSS

Процентиль: 67%
0.0054
Низкий

7.1 High

CVSS2

Дефекты

CWE-310

Связанные уязвимости

github логотип

GHSA-6jfx-f78m-7wmf

github
больше 3 лет назад

The Innominate mGuard Smart HW before HW-101130 and BD before BD-101030, mGuard industrial RS, mGuard delta HW before HW-103060 and BD before BD-211010, mGuard PCI, mGuard blade, and EAGLE mGuard appliances with software before 7.5.0 do not use a sufficient source of entropy for private keys, which makes it easier for man-in-the-middle attackers to spoof (1) HTTPS or (2) SSH servers by predicting a key value.

EPSS

Процентиль: 67%
0.0054
Низкий

7.1 High

CVSS2

Дефекты

CWE-310