// For flags

CVE-2012-2287

 

Severity Score

8.5
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The authentication functionality in EMC RSA Authentication Agent 7.1 and RSA Authentication Client 3.5 on Windows XP and Windows Server 2003, when an unspecified configuration exists, allows remote authenticated users to bypass an intended token-authentication step, and establish a login session to a remote host, by leveraging Windows credentials for that host.

La funcionalidad de autenticación en EMC RSA Authentication Client v7.1 y RSA Authentication v3.5 en Windows XP y Windows Server 2003, con una configuración no especificada, permite a usuarios remotos autenticados eludir el token de autenticación, y establecer una sesión de conexión a un host remoto, aprovechándose de las credenciales de Windows para ese host.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Medium
Authentication
Single
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2012-04-19 CVE Reserved
  • 2012-09-24 CVE Published
  • 2023-03-07 EPSS Updated
  • 2024-08-06 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-287: Improper Authentication
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Emc
Search vendor "Emc"
Rsa Authentication Agent
Search vendor "Emc" for product "Rsa Authentication Agent"
7.1
Search vendor "Emc" for product "Rsa Authentication Agent" and version "7.1"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows Server 2003
Search vendor "Microsoft" for product "Windows Server 2003"
*-
Safe
Emc
Search vendor "Emc"
Rsa Authentication Agent
Search vendor "Emc" for product "Rsa Authentication Agent"
7.1
Search vendor "Emc" for product "Rsa Authentication Agent" and version "7.1"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows Xp
Search vendor "Microsoft" for product "Windows Xp"
--
Safe
Emc
Search vendor "Emc"
Rsa Authentication Client
Search vendor "Emc" for product "Rsa Authentication Client"
3.5
Search vendor "Emc" for product "Rsa Authentication Client" and version "3.5"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows Server 2003
Search vendor "Microsoft" for product "Windows Server 2003"
*-
Safe
Emc
Search vendor "Emc"
Rsa Authentication Client
Search vendor "Emc" for product "Rsa Authentication Client"
3.5
Search vendor "Emc" for product "Rsa Authentication Client" and version "3.5"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows Xp
Search vendor "Microsoft" for product "Windows Xp"
--
Safe