CVE-2012-2287
Severity Score
8.5
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The authentication functionality in EMC RSA Authentication Agent 7.1 and RSA Authentication Client 3.5 on Windows XP and Windows Server 2003, when an unspecified configuration exists, allows remote authenticated users to bypass an intended token-authentication step, and establish a login session to a remote host, by leveraging Windows credentials for that host.
La funcionalidad de autenticación en EMC RSA Authentication Client v7.1 y RSA Authentication v3.5 en Windows XP y Windows Server 2003, con una configuración no especificada, permite a usuarios remotos autenticados eludir el token de autenticación, y establecer una sesión de conexión a un host remoto, aprovechándose de las credenciales de Windows para ese host.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2012-04-19 CVE Reserved
- 2012-09-24 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-287: Improper Authentication
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/55662 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/78802 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://archives.neohapsis.com/archives/bugtraq/2012-09/0102.html | 2019-02-26 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Emc Search vendor "Emc" | Rsa Authentication Agent Search vendor "Emc" for product "Rsa Authentication Agent" | 7.1 Search vendor "Emc" for product "Rsa Authentication Agent" and version "7.1" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Server 2003 Search vendor "Microsoft" for product "Windows Server 2003" | * | - |
Safe
|
| Emc Search vendor "Emc" | Rsa Authentication Agent Search vendor "Emc" for product "Rsa Authentication Agent" | 7.1 Search vendor "Emc" for product "Rsa Authentication Agent" and version "7.1" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Xp Search vendor "Microsoft" for product "Windows Xp" | - | - |
Safe
|
| Emc Search vendor "Emc" | Rsa Authentication Client Search vendor "Emc" for product "Rsa Authentication Client" | 3.5 Search vendor "Emc" for product "Rsa Authentication Client" and version "3.5" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Server 2003 Search vendor "Microsoft" for product "Windows Server 2003" | * | - |
Safe
|
| Emc Search vendor "Emc" | Rsa Authentication Client Search vendor "Emc" for product "Rsa Authentication Client" | 3.5 Search vendor "Emc" for product "Rsa Authentication Client" and version "3.5" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Xp Search vendor "Microsoft" for product "Windows Xp" | - | - |
Safe
|