CVE-2012-3006 Details

CVE-2012-3006

Published: 2012-06-19
Last Modified: 2019-08-29
CVE Author: NIST National Vulnerability Database
CVE Assigner: cve@mitre.org
Summary

The Innominate mGuard Smart HW before HW-101130 and BD before BD-101030, mGuard industrial RS, mGuard delta HW before HW-103060 and BD before BD-211010, mGuard PCI, mGuard blade, and EAGLE mGuard appliances with software before 7.5.0 do not use a sufficient source of entropy for private keys, which makes it easier for man-in-the-middle attackers to spoof (1) HTTPS or (2) SSH servers by predicting a key value.

Analysis
Common Vulnerability Score System v2.0
Severity High
Base Score 7.1/10
Exploit Score 3.9/10
Access Vector Network
Access Complexity High
Authentication Single
Impact Score 10/10
Confidentiality Impact Complete
Availability Impact Complete
Integrity Impact Complete
Vector String AV:N/AC:H/Au:S/C:C/I:C/A:C
Common Vulnerability Score System v3.1

NIST has not assigned a CVSSv3.1 Score.

Products Reported
CPE Vulnerable Start Excluding
cpe:2.3:o:innominate:mguard_firmware:*:*:*:*:*:*:*:* Yes - 7.5.0
cpe:2.3:h:innominate:eagle_mguard_bd-301010:-:*:*:*:*:*:*:* No - -
cpe:2.3:h:innominate:eagle_mguard_hw-201000:-:*:*:*:*:*:*:* No - -
cpe:2.3:h:innominate:mguard_blade_hw-104020:-:*:*:*:*:*:*:* No - -
cpe:2.3:h:innominate:mguard_blade_hw-104050:-:*:*:*:*:*:*:* No - -
cpe:2.3:h:innominate:mguard_delta_bd-201000:-:*:*:*:*:*:*:* No - -
cpe:2.3:h:innominate:mguard_delta_hw-103050:-:*:*:*:*:*:*:* No - -
cpe:2.3:h:innominate:mguard_industrial_rs_bd-501000:-:*:*:*:*:*:*:* No - -
cpe:2.3:h:innominate:mguard_industrial_rs_bd-501010:-:*:*:*:*:*:*:* No - -
cpe:2.3:h:innominate:mguard_industrial_rs_bd-501020:-:*:*:*:*:*:*:* No - -
cpe:2.3:h:innominate:mguard_industrial_rs_hw-105000:-:*:*:*:*:*:*:* No - -
cpe:2.3:h:innominate:mguard_pci_bd-111010:-:*:*:*:*:*:*:* No - -
cpe:2.3:h:innominate:mguard_pci_bd-111020:-:*:*:*:*:*:*:* No - -
cpe:2.3:h:innominate:mguard_pci_hw-102020:-:*:*:*:*:*:*:* No - -
cpe:2.3:h:innominate:mguard_pci_hw-102050:-:*:*:*:*:*:*:* No - -
cpe:2.3:h:innominate:mguard_smart_bd-101010:-:*:*:*:*:*:*:* No - -
cpe:2.3:h:innominate:mguard_smart_bd-101020:-:*:*:*:*:*:*:* No - -
cpe:2.3:h:innominate:mguard_smart_hw-101020:-:*:*:*:*:*:*:* No - -
cpe:2.3:h:innominate:mguard_smart_hw-101050:-:*:*:*:*:*:*:* No - -
References

http://www.innominate.com/data/downloads/software/innominate_security_advisory_20120614_001.pdf
http://www.us-cert.gov/control_systems/pdf/ICSA-12-167-01.pdf
https://freedom-to-tinker.com/blog/nadiah/new-research-theres-no-need-panic-over-factorable-keys-just-mind-your-ps-and-qs

CVE ID
CVE-2012-3006
Published
2012-06-19
Modified
2019-08-29
CVSSv2.0
High
PCI Compliance
Fail
US-CERT Alert
No
CWE
CWE-310

You never have to pay for a vulnerability scanning and management software again.

Tired of paying a subscription 'per asset' or 'per IP'? Well you can officially cancel your current subscription. Mageni provides a free, open source and enterprise-ready vulnerability scanning and management platform which helps you to find, prioritize, remediate and manage your vulnerabilities.