cvelistv5 - CVE-2012-3006

CVE-2012-3006 (GCVE-0-2012-3006)

Vulnerability from cvelistv5 – Published: 2012-06-19 18:00 – Updated: 2024-09-16 23:11

Summary

Severity ?

No CVSS data available.

CWE

Assigner

icscert

References

URL

GHSA-6JFX-F78M-7WMF

Vulnerability from github – Published: 2022-05-14 00:52 – Updated: 2022-05-14 00:52

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2012-3006"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2012-06-19T18:55:00Z",
    "severity": "HIGH"
  },
  "details": "The Innominate mGuard Smart HW before HW-101130 and BD before BD-101030, mGuard industrial RS, mGuard delta HW before HW-103060 and BD before BD-211010, mGuard PCI, mGuard blade, and EAGLE mGuard appliances with software before 7.5.0 do not use a sufficient source of entropy for private keys, which makes it easier for man-in-the-middle attackers to spoof (1) HTTPS or (2) SSH servers by predicting a key value.",
  "id": "GHSA-6jfx-f78m-7wmf",
  "modified": "2022-05-14T00:52:09Z",
  "published": "2022-05-14T00:52:09Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3006"
    },
    {
      "type": "WEB",
      "url": "https://freedom-to-tinker.com/blog/nadiah/new-research-theres-no-need-panic-over-factorable-keys-just-mind-your-ps-and-qs"
    },
    {
      "type": "WEB",
      "url": "http://www.innominate.com/data/downloads/software/innominate_security_advisory_20120614_001.pdf"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-167-01.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

ICSA-12-167-01

Vulnerability from csaf_cisa - Published: 2012-03-19 06:00 - Updated: 2025-06-06 22:37

Summary

Innominate MGuard Weak HTTPS and SSH Keys

Notes

Legal Notice

All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.

CISA Disclaimer

This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov

Recommended Practices

CISA recommends users take defensive measures to minimize the risk of exploitation.

Recommended Practices

Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.

Recommended Practices

Locate control system networks and remote devices behind firewalls and isolating them from business networks.

Recommended Practices

When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs). Recognize VPNs may have vulnerabilities, should be updated to the most recent version available, and are only as secure as the connected devices.

Recommended Practices

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

Recommended Practices

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

Recommended Practices

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Recommended Practices

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.

Recommended Practices

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

Recommended Practices

CISA also recommends users take the following measures to protect themselves from social engineering attacks: Do not click web links or open attachments in unsolicited email messages. Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams. Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.

JSON

To clipboard

{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited",
      "tlp": {
        "label": "WHITE",
        "url": "https://us-cert.cisa.gov/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
        "title": "Legal Notice"
      },
      {
        "category": "general",
        "text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
        "title": "CISA Disclaimer"
      },
      {
        "category": "general",
        "text": "CISA recommends users take defensive measures to minimize the risk of exploitation.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Locate control system networks and remote devices behind firewalls and isolating them from business networks.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs). Recognize VPNs may have vulnerabilities, should be updated to the most recent version available, and are only as secure as the connected devices.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA also recommends users take the following measures to protect themselves from social engineering attacks: Do not click web links or open attachments in unsolicited email messages. Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams. Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.",
        "title": "Recommended Practices"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "central@cisa.dhs.gov",
      "name": "CISA",
      "namespace": "https://www.cisa.gov/"
    },
    "references": [
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-12-167-01 JSON",
        "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2012/icsa-12-167-01.json"
      },
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-12-167-01 - Web Version",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-12-167-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/topics/industrial-control-systems"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/sites/default/files/publications/emailscams0905.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ncas/tips/ST04-014"
      }
    ],
    "title": "Innominate MGuard Weak HTTPS and SSH Keys",
    "tracking": {
      "current_release_date": "2025-06-06T22:37:37.465622Z",
      "generator": {
        "date": "2025-06-06T22:37:37.465503Z",
        "engine": {
          "name": "CISA CSAF Generator",
          "version": "1.0.0"
        }
      },
      "id": "ICSA-12-167-01",
      "initial_release_date": "2012-03-19T06:00:00.000000Z",
      "revision_history": [
        {
          "date": "2012-03-19T06:00:00.000000Z",
          "legacy_version": "Initial",
          "number": "1",
          "summary": "Initial Publication"
        },
        {
          "date": "2025-06-06T22:37:37.465622Z",
          "legacy_version": "CSAF Conversion",
          "number": "2",
          "summary": "Advisory converted into a CSAF"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "HW-101020|HW-101050|BD-101010|BD-101020",
                "product": {
                  "name": "Innominate mGuard Smart: HW-101020|HW-101050|BD-101010|BD-101020",
                  "product_id": "CSAFPID-0001"
                }
              }
            ],
            "category": "product_name",
            "name": "mGuard Smart"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "HW-102020|HW-102050|BD-111010|BD-111020",
                "product": {
                  "name": "Innominate mGuard PCI: HW-102020|HW-102050|BD-111010|BD-111020",
                  "product_id": "CSAFPID-0002"
                }
              }
            ],
            "category": "product_name",
            "name": "mGuard PCI"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "HW-105000|BD-501000|BD-501010|BD-501020",
                "product": {
                  "name": "Innominate mGuard Industrial RS: HW-105000|BD-501000|BD-501010|BD-501020",
                  "product_id": "CSAFPID-0003"
                }
              }
            ],
            "category": "product_name",
            "name": "mGuard Industrial RS"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "HW-104020|HW-104050",
                "product": {
                  "name": "Innominate mGuard Blade: HW-104020|HW-104050",
                  "product_id": "CSAFPID-0004"
                }
              }
            ],
            "category": "product_name",
            "name": "mGuard Blade"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "HW-103050|BD-201000",
                "product": {
                  "name": "Innominate mGuard Delta: HW-103050|BD-201000",
                  "product_id": "CSAFPID-0005"
                }
              }
            ],
            "category": "product_name",
            "name": "mGuard Delta"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "HW-201000|BD-301010",
                "product": {
                  "name": "Innominate EAGLE mGuard: HW-201000|BD-301010",
                  "product_id": "CSAFPID-0006"
                }
              }
            ],
            "category": "product_name",
            "name": "EAGLE mGuard"
          }
        ],
        "category": "vendor",
        "name": "Innominate"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2012-3006",
      "cwe": {
        "id": "CWE-331",
        "name": "Insufficient Entropy"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The Innominate mGuard Smart HW before HW-101130 and BD before BD-101030, mGuard industrial RS, mGuard delta HW before HW-103060 and BD before BD-211010, mGuard PCI, mGuard blade, and EAGLE mGuard appliances with software before 7.5.0 do not use a sufficient source of entropy for private keys, which makes it easier for man-in-the-middle attackers to spoof (1) HTTPS or (2) SSH servers by predicting a key value.",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003",
          "CSAFPID-0004",
          "CSAFPID-0005",
          "CSAFPID-0006"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Software Version 7.5.0 or later properly uses existing entropy before generating HTTPS and SSH keys. It also increases the size of the RSA keys from 1,024 bits to 2,048 bits. The software update can be found at Innominate download website.e Innominate recommends changing passwords after new keys are generated.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006"
          ]
        },
        {
          "category": "mitigation",
          "details": "Innominate recommends one of the three following mitigation procedures:  Use the Rescue Procedure to install the software Version 7.5.0. New keys will be generated as part of this process.  Use the update mechanism to update the devices to Version 7.5.0.  a. Install the update. Existing keys will be kept.  b. After the update, the existing keys must be replaced by using one of the following methods:  i. Web User Interface  1) Login as root or admin user.  2) Press the \u201cGenerate new 2048 bit keys\u201d button either in the \u201cWeb Settings -\u003e Access\u201d or in the \u201cSystem Settings -\u003e Shell Access\u201d menu.  3) Note the fingerprint output of the newly generated keys.  4) Login via HTTPS and compare the certificate information provided by the browser.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006"
          ]
        },
        {
          "category": "mitigation",
          "details": "ii. Console  1) Login via the serial console or SSH as root or admin user.  2) Call the program: $ rsa_renewal update.  3) Note the fingerprint output of the newly generated keys.  4) Login via SSH and compare the fingerprints shown by the SSH.  3. Upload and execute a shell script via SSH as root, provided by Innominate. The script will generate new 2,048 bit keys without requiring an update to software Version 7.5.0.  a. The script can be downloaded from Innominate at http://www.innominate.com/en/downloads/software-and-misc.  b. Use scp to copy the script onto the mGuard like (but appropriate for the user\u2019s setup): $ scp generate_2048key.sh root@192.168.1.1:/root/.  c. Login via SSH as root user.  d. Execute the script: $ sh /root/generate_2048key.sh.  e. Note the fingerprint output of the newly generated keys.  f. Login via SSH and compare the fingerprints shown by SSH.\\",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "baseScore": 7.1,
            "vectorString": "AV:N/AC:H/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006"
          ]
        }
      ]
    }
  ]
}

FKIE_CVE-2012-3006

Vulnerability from fkie_nvd - Published: 2012-06-19 18:55 - Updated: 2025-04-11 00:51

Severity ?

Summary

References

URL	Tags
ics-cert@hq.dhs.gov	http://www.innominate.com/data/downloads/software/innominate_security_advisory_20120614_001.pdf	Vendor Advisory
ics-cert@hq.dhs.gov	http://www.us-cert.gov/control_systems/pdf/ICSA-12-167-01.pdf	Broken Link, Third Party Advisory, US Government Resource
ics-cert@hq.dhs.gov	https://freedom-to-tinker.com/blog/nadiah/new-research-theres-no-need-panic-over-factorable-keys-just-mind-your-ps-and-qs	Not Applicable
af854a3a-2127-422b-91ae-364da2661108	http://www.innominate.com/data/downloads/software/innominate_security_advisory_20120614_001.pdf	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/control_systems/pdf/ICSA-12-167-01.pdf	Broken Link, Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	https://freedom-to-tinker.com/blog/nadiah/new-research-theres-no-need-panic-over-factorable-keys-just-mind-your-ps-and-qs	Not Applicable

Impacted products

Vendor	Product	Version
innominate	mguard_firmware	*
innominate	eagle_mguard_bd-301010	-
innominate	eagle_mguard_hw-201000	-
innominate	mguard_blade_hw-104020	-
innominate	mguard_blade_hw-104050	-
innominate	mguard_delta_bd-201000	-
innominate	mguard_delta_hw-103050	-
innominate	mguard_industrial_rs_bd-501000	-
innominate	mguard_industrial_rs_bd-501010	-
innominate	mguard_industrial_rs_bd-501020	-
innominate	mguard_industrial_rs_hw-105000	-
innominate	mguard_pci_bd-111010	-
innominate	mguard_pci_bd-111020	-
innominate	mguard_pci_hw-102020	-
innominate	mguard_pci_hw-102050	-
innominate	mguard_smart_bd-101010	-
innominate	mguard_smart_bd-101020	-
innominate	mguard_smart_hw-101020	-
innominate	mguard_smart_hw-101050	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:innominate:mguard_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1137F55-09EF-4F7C-8EFF-923B6C8CBA75",
              "versionEndExcluding": "7.5.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:innominate:eagle_mguard_bd-301010:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "39221D0D-E26E-4477-9CC7-C7DD8E3991FF",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:innominate:eagle_mguard_hw-201000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B31DD61-EB19-449E-9800-3FE35ABCB923",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:innominate:mguard_blade_hw-104020:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E79CDFEB-98E1-42E1-8F71-D15B6F439135",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:innominate:mguard_blade_hw-104050:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "275E8504-9771-4CAA-859C-AE1CF83C0AAC",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:innominate:mguard_delta_bd-201000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DBC67D72-51CF-4B76-A439-0135B0494412",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:innominate:mguard_delta_hw-103050:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2EC89F6F-A767-4C38-A2E3-8927E8B43A40",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:innominate:mguard_industrial_rs_bd-501000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7D78EF2-A75A-4F47-8907-CDF4091F6E1B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:innominate:mguard_industrial_rs_bd-501010:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "86C7033A-ECFA-4487-AF65-E0B787312F43",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:innominate:mguard_industrial_rs_bd-501020:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2DD96F8-6BF2-44B8-B458-22B34A2C7C49",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:innominate:mguard_industrial_rs_hw-105000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7DCD2CCC-FA85-42AA-931A-23DE15319BD0",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:innominate:mguard_pci_bd-111010:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B19092E-9542-45D2-8323-FCB2F08A7CDD",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:innominate:mguard_pci_bd-111020:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C66EA5A6-B1E4-45F1-B60F-73C6D7CC2011",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:innominate:mguard_pci_hw-102020:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED522AD4-21E5-44C7-BE73-92318D84A59F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:innominate:mguard_pci_hw-102050:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "366A012C-905C-4523-AE75-2864C329693C",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:innominate:mguard_smart_bd-101010:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B23C8DDF-74C1-41EC-961F-C8D2759087C4",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:innominate:mguard_smart_bd-101020:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC7B1E51-6FBB-4EA4-9170-D862648D112D",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:innominate:mguard_smart_hw-101020:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "94736549-BC05-4336-A800-4E11628BDFDB",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:innominate:mguard_smart_hw-101050:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "99114202-2EC3-4DDB-9ABF-F36A841CCF39",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Innominate mGuard Smart HW before HW-101130 and BD before BD-101030, mGuard industrial RS, mGuard delta HW before HW-103060 and BD before BD-211010, mGuard PCI, mGuard blade, and EAGLE mGuard appliances with software before 7.5.0 do not use a sufficient source of entropy for private keys, which makes it easier for man-in-the-middle attackers to spoof (1) HTTPS or (2) SSH servers by predicting a key value."
    },
    {
      "lang": "es",
      "value": "The Innominate mGuard Smart HW antes de HW-101130 y BD antes de BD-101030, mGuard industrial RS, mGuard delta HW antes de HW-103060 y BD antes de BD-211010, mGuard PCI, mGuard blade, y EAGLE mGuard con sistema anterior a v7.5.0, no utiliza una fuente suficiente de la entrop\u00eda de las claves privadas, lo que hace que sea m\u00e1s f\u00e1cil para los atacantes de MITM (man-in-the-middle) falsificar (1) HTTPS o (2) servidores SSH mediante la predicci\u00f3n de un valor clave."
    }
  ],
  "id": "CVE-2012-3006",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.1,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:H/Au:S/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-06-19T18:55:01.113",
  "references": [
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.innominate.com/data/downloads/software/innominate_security_advisory_20120614_001.pdf"
    },
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-167-01.pdf"
    },
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Not Applicable"
      ],
      "url": "https://freedom-to-tinker.com/blog/nadiah/new-research-theres-no-need-panic-over-factorable-keys-just-mind-your-ps-and-qs"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.innominate.com/data/downloads/software/innominate_security_advisory_20120614_001.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-167-01.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Not Applicable"
      ],
      "url": "https://freedom-to-tinker.com/blog/nadiah/new-research-theres-no-need-panic-over-factorable-keys-just-mind-your-ps-and-qs"
    }
  ],
  "sourceIdentifier": "ics-cert@hq.dhs.gov",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-310"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2012-3006

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2012-3006

Aliases

CVE-2012-3006

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2012-3006",
    "description": "The Innominate mGuard Smart HW before HW-101130 and BD before BD-101030, mGuard industrial RS, mGuard delta HW before HW-103060 and BD before BD-211010, mGuard PCI, mGuard blade, and EAGLE mGuard appliances with software before 7.5.0 do not use a sufficient source of entropy for private keys, which makes it easier for man-in-the-middle attackers to spoof (1) HTTPS or (2) SSH servers by predicting a key value.",
    "id": "GSD-2012-3006"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2012-3006"
      ],
      "details": "The Innominate mGuard Smart HW before HW-101130 and BD before BD-101030, mGuard industrial RS, mGuard delta HW before HW-103060 and BD before BD-211010, mGuard PCI, mGuard blade, and EAGLE mGuard appliances with software before 7.5.0 do not use a sufficient source of entropy for private keys, which makes it easier for man-in-the-middle attackers to spoof (1) HTTPS or (2) SSH servers by predicting a key value.",
      "id": "GSD-2012-3006",
      "modified": "2023-12-13T01:20:20.549160Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "ics-cert@hq.dhs.gov",
        "ID": "CVE-2012-3006",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The Innominate mGuard Smart HW before HW-101130 and BD before BD-101030, mGuard industrial RS, mGuard delta HW before HW-103060 and BD before BD-211010, mGuard PCI, mGuard blade, and EAGLE mGuard appliances with software before 7.5.0 do not use a sufficient source of entropy for private keys, which makes it easier for man-in-the-middle attackers to spoof (1) HTTPS or (2) SSH servers by predicting a key value."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://freedom-to-tinker.com/blog/nadiah/new-research-theres-no-need-panic-over-factorable-keys-just-mind-your-ps-and-qs",
            "refsource": "MISC",
            "url": "https://freedom-to-tinker.com/blog/nadiah/new-research-theres-no-need-panic-over-factorable-keys-just-mind-your-ps-and-qs"
          },
          {
            "name": "http://www.innominate.com/data/downloads/software/innominate_security_advisory_20120614_001.pdf",
            "refsource": "CONFIRM",
            "url": "http://www.innominate.com/data/downloads/software/innominate_security_advisory_20120614_001.pdf"
          },
          {
            "name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-167-01.pdf",
            "refsource": "MISC",
            "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-167-01.pdf"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:innominate:mguard_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "7.5.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:innominate:eagle_mguard_bd-301010:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:innominate:mguard_blade_hw-104020:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:innominate:mguard_industrial_rs_bd-501010:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:innominate:mguard_industrial_rs_hw-105000:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:innominate:mguard_smart_hw-101020:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:innominate:mguard_pci_bd-111020:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:innominate:mguard_pci_hw-102020:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:innominate:mguard_pci_hw-102050:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:innominate:mguard_smart_bd-101010:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:innominate:mguard_blade_hw-104050:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:innominate:mguard_delta_bd-201000:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:innominate:mguard_delta_hw-103050:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:innominate:mguard_industrial_rs_bd-501000:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:innominate:eagle_mguard_hw-201000:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:innominate:mguard_industrial_rs_bd-501020:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:innominate:mguard_pci_bd-111010:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:innominate:mguard_smart_bd-101020:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:innominate:mguard_smart_hw-101050:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2012-3006"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The Innominate mGuard Smart HW before HW-101130 and BD before BD-101030, mGuard industrial RS, mGuard delta HW before HW-103060 and BD before BD-211010, mGuard PCI, mGuard blade, and EAGLE mGuard appliances with software before 7.5.0 do not use a sufficient source of entropy for private keys, which makes it easier for man-in-the-middle attackers to spoof (1) HTTPS or (2) SSH servers by predicting a key value."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-310"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-167-01.pdf",
              "refsource": "MISC",
              "tags": [
                "Broken Link",
                "Third Party Advisory",
                "US Government Resource"
              ],
              "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-167-01.pdf"
            },
            {
              "name": "http://www.innominate.com/data/downloads/software/innominate_security_advisory_20120614_001.pdf",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.innominate.com/data/downloads/software/innominate_security_advisory_20120614_001.pdf"
            },
            {
              "name": "https://freedom-to-tinker.com/blog/nadiah/new-research-theres-no-need-panic-over-factorable-keys-just-mind-your-ps-and-qs",
              "refsource": "MISC",
              "tags": [
                "Not Applicable"
              ],
              "url": "https://freedom-to-tinker.com/blog/nadiah/new-research-theres-no-need-panic-over-factorable-keys-just-mind-your-ps-and-qs"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.1,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:H/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2019-08-29T15:42Z",
      "publishedDate": "2012-06-19T18:55Z"
    }
  }
}

VAR-201206-0116

Vulnerability from variot - Updated: 2023-12-18 12:38

The Innominate mGuard Smart HW before HW-101130 and BD before BD-101030, mGuard industrial RS, mGuard delta HW before HW-103060 and BD before BD-211010, mGuard PCI, mGuard blade, and EAGLE mGuard appliances with software before 7.5.0 do not use a sufficient source of entropy for private keys, which makes it easier for man-in-the-middle attackers to spoof (1) HTTPS or (2) SSH servers by predicting a key value. Remote attackers can exploit this issue to perform man-in-the-middle attacks against vulnerable applications and to disclose sensitive information. Successful exploits may result in the attacker executing arbitrary code or gain unauthorized access on the affected system. The following products are affected: mGuard Smart mGuard PCI mGuard Industrial RS mGuard Blade mGuard Delta EAGLE mGuard. ----------------------------------------------------------------------

Become a PSI 3.0 beta tester! Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. Download it here! http://secunia.com/psi_30_beta_launch

TITLE: Innominate mGuard Weak Entropy Key Generation Weakness

SECUNIA ADVISORY ID: SA49632

VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/49632/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=49632

RELEASE DATE: 2012-06-18

DISCUSS ADVISORY: http://secunia.com/advisories/49632/#comments

AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)

http://secunia.com/advisories/49632/

ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS

https://ca.secunia.com/?page=viewadvisory&vuln_id=49632

ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING

http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

DESCRIPTION: A weakness has been reported in Innominate mGuard, which can be exploited by malicious people to conduct brute force attacks.

The weakness is reported versions prior to 7.5.0. Please see the vendor's advisory for the list of affected products.

SOLUTION: Update to version 7.5.0.

PROVIDED AND/OR DISCOVERED BY: Nadia Heninger (UCSD), Zakir Durumeric (UMICH), Eric Wustrow (UMICH), and J. Alex Halderman (UMICH).

ORIGINAL ADVISORY: https://freedom-to-tinker.com/blog/nadiah/new-research-theres-no-need-panic-over-factorable-keys-just-mind-your-ps-and-qs/

ICS-CERT: http://www.us-cert.gov/control_systems/pdf/ICSA-12-167-01.pdf

Innominate: http://www.innominate.com/data/downloads/software/innominate_security_advisory_20120614_001.pdf

OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201206-0116",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "mguard",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "innominate",
        "version": "7.5.0"
      },
      {
        "model": "eagle mguard",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "innominate security",
        "version": "hw-201000"
      },
      {
        "model": "eagle mguard",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "innominate security",
        "version": "bd-301010"
      },
      {
        "model": "mguard blade",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "innominate security",
        "version": "hw-104020"
      },
      {
        "model": "mguard blade",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "innominate security",
        "version": "hw-104050"
      },
      {
        "model": "mguard delta",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "innominate security",
        "version": "hw-103050"
      },
      {
        "model": "mguard delta",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "innominate security",
        "version": "bd-201000"
      },
      {
        "model": "mguard industrial rs",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "innominate security",
        "version": "hw-105000"
      },
      {
        "model": "mguard industrial rs",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "innominate security",
        "version": "bd-501000"
      },
      {
        "model": "mguard industrial rs",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "innominate security",
        "version": "bd-501010"
      },
      {
        "model": "mguard industrial rs",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "innominate security",
        "version": "bd-501020"
      },
      {
        "model": "mguard pci",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "innominate security",
        "version": "hw-102020"
      },
      {
        "model": "mguard pci",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "innominate security",
        "version": "hw-102050"
      },
      {
        "model": "mguard pci",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "innominate security",
        "version": "bd-111010"
      },
      {
        "model": "mguard pci",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "innominate security",
        "version": "bd-111020"
      },
      {
        "model": "mguard smart",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "innominate security",
        "version": "hw-101020"
      },
      {
        "model": "mguard smart",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "innominate security",
        "version": "hw-101050"
      },
      {
        "model": "mguard smart",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "innominate security",
        "version": "bd-101010"
      },
      {
        "model": "mguard smart",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "innominate security",
        "version": "bd-101020"
      },
      {
        "model": "mguard pci",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "innominate",
        "version": "bd-111020"
      },
      {
        "model": "mguard blade",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "innominate",
        "version": "hw-104020"
      },
      {
        "model": "mguard pci",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "innominate",
        "version": "hw-102050"
      },
      {
        "model": "eagle mguard",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "innominate",
        "version": "hw-201000"
      },
      {
        "model": "mguard pci",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "innominate",
        "version": "bd-111010"
      },
      {
        "model": "mguard pci",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "innominate",
        "version": "hw-102020"
      },
      {
        "model": "eagle mguard",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "innominate",
        "version": "bd-301010"
      },
      {
        "model": "mguard delta",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "innominate",
        "version": "bd-201000"
      },
      {
        "model": "mguard blade",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "innominate",
        "version": "hw-104050"
      },
      {
        "model": "mguard delta",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "innominate",
        "version": "hw-103050"
      },
      {
        "model": "mguard smart hw-101050",
        "scope": null,
        "trust": 0.3,
        "vendor": "innominate",
        "version": null
      },
      {
        "model": "mguard smart hw-101020",
        "scope": null,
        "trust": 0.3,
        "vendor": "innominate",
        "version": null
      },
      {
        "model": "mguard smart bd-101020",
        "scope": null,
        "trust": 0.3,
        "vendor": "innominate",
        "version": null
      },
      {
        "model": "mguard smart bd-101010",
        "scope": null,
        "trust": 0.3,
        "vendor": "innominate",
        "version": null
      },
      {
        "model": "mguard pci hw-102050",
        "scope": null,
        "trust": 0.3,
        "vendor": "innominate",
        "version": null
      },
      {
        "model": "mguard pci hw-102020",
        "scope": null,
        "trust": 0.3,
        "vendor": "innominate",
        "version": null
      },
      {
        "model": "mguard pci bd-111020",
        "scope": null,
        "trust": 0.3,
        "vendor": "innominate",
        "version": null
      },
      {
        "model": "mguard pci bd-111010",
        "scope": null,
        "trust": 0.3,
        "vendor": "innominate",
        "version": null
      },
      {
        "model": "mguard delta hw-103050",
        "scope": null,
        "trust": 0.3,
        "vendor": "innominate",
        "version": null
      },
      {
        "model": "mguard delta bd-201000",
        "scope": null,
        "trust": 0.3,
        "vendor": "innominate",
        "version": null
      },
      {
        "model": "mguard blade hw-104050",
        "scope": null,
        "trust": 0.3,
        "vendor": "innominate",
        "version": null
      },
      {
        "model": "mguard blade hw-104020",
        "scope": null,
        "trust": 0.3,
        "vendor": "innominate",
        "version": null
      },
      {
        "model": "industrial rs hw-105000",
        "scope": null,
        "trust": 0.3,
        "vendor": "innominate",
        "version": null
      },
      {
        "model": "industrial rs bd-501020",
        "scope": null,
        "trust": 0.3,
        "vendor": "innominate",
        "version": null
      },
      {
        "model": "industrial rs bd-501010",
        "scope": null,
        "trust": 0.3,
        "vendor": "innominate",
        "version": null
      },
      {
        "model": "industrial rs bd-501000",
        "scope": null,
        "trust": 0.3,
        "vendor": "innominate",
        "version": null
      },
      {
        "model": "eagle mguard hw-201000",
        "scope": null,
        "trust": 0.3,
        "vendor": "innominate",
        "version": null
      },
      {
        "model": "eagle mguard bd-301010",
        "scope": null,
        "trust": 0.3,
        "vendor": "innominate",
        "version": null
      },
      {
        "model": "delta hw-103050",
        "scope": null,
        "trust": 0.3,
        "vendor": "innominate",
        "version": null
      },
      {
        "model": "delta bd-201000",
        "scope": null,
        "trust": 0.3,
        "vendor": "innominate",
        "version": null
      },
      {
        "model": "blade hw-104050",
        "scope": null,
        "trust": 0.3,
        "vendor": "innominate",
        "version": null
      },
      {
        "model": "blade hw-104020",
        "scope": null,
        "trust": 0.3,
        "vendor": "innominate",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "54033"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-002806"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-3006"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201206-265"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:innominate:mguard_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "7.5.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:innominate:eagle_mguard_bd-301010:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:innominate:mguard_blade_hw-104020:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:innominate:mguard_industrial_rs_bd-501010:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:innominate:mguard_industrial_rs_hw-105000:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:innominate:mguard_smart_hw-101020:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:innominate:mguard_pci_bd-111020:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:innominate:mguard_pci_hw-102020:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:innominate:mguard_pci_hw-102050:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:innominate:mguard_smart_bd-101010:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:innominate:mguard_blade_hw-104050:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:innominate:mguard_delta_bd-201000:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:innominate:mguard_delta_hw-103050:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:innominate:mguard_industrial_rs_bd-501000:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:innominate:eagle_mguard_hw-201000:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:innominate:mguard_industrial_rs_bd-501020:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:innominate:mguard_pci_bd-111010:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:innominate:mguard_smart_bd-101020:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:innominate:mguard_smart_hw-101050:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2012-3006"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Nadia Heninger, Eric Wustrow, and J. Alex Halderman, Zakir Durumeric",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201206-265"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2012-3006",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.1,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:H/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "High",
            "accessVector": "Network",
            "authentication": "Single",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 7.1,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2012-3006",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:H/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.1,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "VHN-56287",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:H/AU:S/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2012-3006",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201206-265",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-56287",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-56287"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-002806"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-3006"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201206-265"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The Innominate mGuard Smart HW before HW-101130 and BD before BD-101030, mGuard industrial RS, mGuard delta HW before HW-103060 and BD before BD-211010, mGuard PCI, mGuard blade, and EAGLE mGuard appliances with software before 7.5.0 do not use a sufficient source of entropy for private keys, which makes it easier for man-in-the-middle attackers to spoof (1) HTTPS or (2) SSH servers by predicting a key value. \nRemote attackers can exploit this issue to perform man-in-the-middle attacks against vulnerable applications and to disclose sensitive information. Successful exploits may result in the attacker executing arbitrary code or  gain unauthorized access on the affected system. \nThe following products are affected:\nmGuard Smart\nmGuard PCI\nmGuard Industrial RS\nmGuard Blade\nmGuard Delta\nEAGLE mGuard. ----------------------------------------------------------------------\n\nBecome a PSI 3.0 beta tester!\nTest-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. \nDownload it here!\nhttp://secunia.com/psi_30_beta_launch\n\n----------------------------------------------------------------------\n\nTITLE:\nInnominate mGuard Weak Entropy Key Generation Weakness\n\nSECUNIA ADVISORY ID:\nSA49632\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/49632/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=49632\n\nRELEASE DATE:\n2012-06-18\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/49632/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/49632/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=49632\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA weakness has been reported in Innominate mGuard, which can be\nexploited by malicious people to conduct brute force attacks. \n\nThe weakness is reported versions prior to 7.5.0. Please see the\nvendor\u0027s advisory for the list of affected products. \n\nSOLUTION:\nUpdate to version 7.5.0. \n\nPROVIDED AND/OR DISCOVERED BY:\nNadia Heninger (UCSD), Zakir Durumeric (UMICH), Eric Wustrow (UMICH),\nand J. Alex Halderman (UMICH). \n\nORIGINAL ADVISORY:\nhttps://freedom-to-tinker.com/blog/nadiah/new-research-theres-no-need-panic-over-factorable-keys-just-mind-your-ps-and-qs/\n\nICS-CERT:\nhttp://www.us-cert.gov/control_systems/pdf/ICSA-12-167-01.pdf\n\nInnominate:\nhttp://www.innominate.com/data/downloads/software/innominate_security_advisory_20120614_001.pdf\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2012-3006"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-002806"
      },
      {
        "db": "BID",
        "id": "54033"
      },
      {
        "db": "VULHUB",
        "id": "VHN-56287"
      },
      {
        "db": "PACKETSTORM",
        "id": "113830"
      }
    ],
    "trust": 2.07
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "ICS CERT",
        "id": "ICSA-12-167-01",
        "trust": 2.9
      },
      {
        "db": "NVD",
        "id": "CVE-2012-3006",
        "trust": 2.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-002806",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201206-265",
        "trust": 0.7
      },
      {
        "db": "BID",
        "id": "54033",
        "trust": 0.4
      },
      {
        "db": "SECUNIA",
        "id": "49632",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-56287",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "113830",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-56287"
      },
      {
        "db": "BID",
        "id": "54033"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-002806"
      },
      {
        "db": "PACKETSTORM",
        "id": "113830"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-3006"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201206-265"
      }
    ]
  },
  "id": "VAR-201206-0116",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-56287"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T12:38:49.099000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://www.innominate.com/en"
      },
      {
        "title": "ICS-VU-873212",
        "trust": 0.8,
        "url": "http://www.innominate.com/data/downloads/software/innominate_security_advisory_20120614_001.pdf"
      },
      {
        "title": "Innominate Security Technologies mGuard Repair measures for weak entropy key generation vulnerability",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=97709"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-002806"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201206-265"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-310",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-56287"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-002806"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-3006"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.9,
        "url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-167-01.pdf"
      },
      {
        "trust": 2.1,
        "url": "http://www.innominate.com/data/downloads/software/innominate_security_advisory_20120614_001.pdf"
      },
      {
        "trust": 1.7,
        "url": "https://freedom-to-tinker.com/blog/nadiah/new-research-theres-no-need-panic-over-factorable-keys-just-mind-your-ps-and-qs"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-3006"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-3006"
      },
      {
        "trust": 0.3,
        "url": "http://www.innominate.com/en/downloads/software-and-misc"
      },
      {
        "trust": 0.1,
        "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=49632"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/psi_30_beta_launch"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/49632/#comments"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_intelligence/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_scanning/personal/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/49632/"
      },
      {
        "trust": 0.1,
        "url": "https://freedom-to-tinker.com/blog/nadiah/new-research-theres-no-need-panic-over-factorable-keys-just-mind-your-ps-and-qs/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/about_secunia_advisories/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-56287"
      },
      {
        "db": "BID",
        "id": "54033"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-002806"
      },
      {
        "db": "PACKETSTORM",
        "id": "113830"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-3006"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201206-265"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-56287"
      },
      {
        "db": "BID",
        "id": "54033"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-002806"
      },
      {
        "db": "PACKETSTORM",
        "id": "113830"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-3006"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201206-265"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2012-06-19T00:00:00",
        "db": "VULHUB",
        "id": "VHN-56287"
      },
      {
        "date": "2012-06-15T00:00:00",
        "db": "BID",
        "id": "54033"
      },
      {
        "date": "2012-06-21T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2012-002806"
      },
      {
        "date": "2012-06-18T04:32:45",
        "db": "PACKETSTORM",
        "id": "113830"
      },
      {
        "date": "2012-06-19T18:55:01.113000",
        "db": "NVD",
        "id": "CVE-2012-3006"
      },
      {
        "date": "2012-06-26T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201206-265"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-08-29T00:00:00",
        "db": "VULHUB",
        "id": "VHN-56287"
      },
      {
        "date": "2012-06-15T00:00:00",
        "db": "BID",
        "id": "54033"
      },
      {
        "date": "2012-06-21T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2012-002806"
      },
      {
        "date": "2019-08-29T15:42:37.633000",
        "db": "NVD",
        "id": "CVE-2012-3006"
      },
      {
        "date": "2019-08-30T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201206-265"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201206-265"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "plural  Innominate Security Technologies In our products  HTTPS Or  SSH Vulnerability impersonating a server",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-002806"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "encryption problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201206-265"
      }
    ],
    "trust": 0.6
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2012-3006 (GCVE-0-2012-3006)

GHSA-6JFX-F78M-7WMF

ICSA-12-167-01

FKIE_CVE-2012-3006

GSD-2012-3006

VAR-201206-0116

Tags

Sightings

Nomenclature