cvelistv5 - cve-2012-1316

cve-2012-1316

Vulnerability from cvelistv5

Published

2020-01-15 13:11

Modified

2024-11-15 17:48

Severity ?

Summary

Cisco IronPort Web Security Appliance does not check for certificate revocation which could lead to MITM attacks

References

URL	Tags
ykramarz@cisco.com	http://www.securityfocus.com/bid/52981	Third Party Advisory, VDB Entry
ykramarz@cisco.com	https://www.secureworks.com/research/transitive-trust	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/52981	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://www.secureworks.com/research/transitive-trust	Third Party Advisory

Impacted products

Vendor

Product

Version

▼

Cisco

IronPort Web Security Appliance

Version: through at least 2012-04-11

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T18:53:37.024Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/52981"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.secureworks.com/research/transitive-trust"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2012-1316",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-15T16:30:17.814057Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-15T17:48:40.917Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "IronPort Web Security Appliance",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "through at least 2012-04-11"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cisco IronPort Web Security Appliance does not check for certificate revocation which could lead to MITM attacks"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Security Bypass",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-01-15T13:11:31",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.securityfocus.com/bid/52981"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.secureworks.com/research/transitive-trust"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2012-1316",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "IronPort Web Security Appliance",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "through at least 2012-04-11"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cisco IronPort Web Security Appliance does not check for certificate revocation which could lead to MITM attacks"
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Security Bypass"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.securityfocus.com/bid/52981",
              "refsource": "MISC",
              "url": "http://www.securityfocus.com/bid/52981"
            },
            {
              "name": "https://www.secureworks.com/research/transitive-trust",
              "refsource": "MISC",
              "url": "https://www.secureworks.com/research/transitive-trust"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2012-1316",
    "datePublished": "2020-01-15T13:11:31",
    "dateReserved": "2012-02-27T00:00:00",
    "dateUpdated": "2024-11-15T17:48:40.917Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:ironport_web_security_appliance:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F9E64F62-07C0-42BA-BABA-E3243F6E924A\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Cisco IronPort Web Security Appliance does not check for certificate revocation which could lead to MITM attacks\"}, {\"lang\": \"es\", \"value\": \"Cisco IronPort Web Security Appliance no comprueba la revocaci\\u00f3n del certificado, lo que podr\\u00eda conllevar a ataques de tipo MITM.\"}]",
      "id": "CVE-2012-1316",
      "lastModified": "2024-11-21T01:36:49.013",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N\", \"baseScore\": 5.9, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.2, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:P/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2020-01-15T14:15:11.623",
      "references": "[{\"url\": \"http://www.securityfocus.com/bid/52981\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://www.secureworks.com/research/transitive-trust\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/52981\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://www.secureworks.com/research/transitive-trust\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
      "sourceIdentifier": "ykramarz@cisco.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-295\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2012-1316\",\"sourceIdentifier\":\"ykramarz@cisco.com\",\"published\":\"2020-01-15T14:15:11.623\",\"lastModified\":\"2024-11-21T01:36:49.013\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Cisco IronPort Web Security Appliance does not check for certificate revocation which could lead to MITM attacks\"},{\"lang\":\"es\",\"value\":\"Cisco IronPort Web Security Appliance no comprueba la revocaci\u00f3n del certificado, lo que podr\u00eda conllevar a ataques de tipo MITM.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N\",\"baseScore\":5.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.2,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-295\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:ironport_web_security_appliance:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F9E64F62-07C0-42BA-BABA-E3243F6E924A\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/52981\",\"source\":\"ykramarz@cisco.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.secureworks.com/research/transitive-trust\",\"source\":\"ykramarz@cisco.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/52981\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.secureworks.com/research/transitive-trust\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"http://www.securityfocus.com/bid/52981\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://www.secureworks.com/research/transitive-trust\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-06T18:53:37.024Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2012-1316\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-11-15T16:30:17.814057Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-11-15T16:30:57.305Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"Cisco\", \"product\": \"IronPort Web Security Appliance\", \"versions\": [{\"status\": \"affected\", \"version\": \"through at least 2012-04-11\"}]}], \"references\": [{\"url\": \"http://www.securityfocus.com/bid/52981\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://www.secureworks.com/research/transitive-trust\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Cisco IronPort Web Security Appliance does not check for certificate revocation which could lead to MITM attacks\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"Security Bypass\"}]}], \"providerMetadata\": {\"orgId\": \"d1c1063e-7a18-46af-9102-31f8928bc633\", \"shortName\": \"cisco\", \"dateUpdated\": \"2020-01-15T13:11:31\"}, \"x_legacyV4Record\": {\"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"through at least 2012-04-11\"}]}, \"product_name\": \"IronPort Web Security Appliance\"}]}, \"vendor_name\": \"Cisco\"}]}}, \"data_type\": \"CVE\", \"references\": {\"reference_data\": [{\"url\": \"http://www.securityfocus.com/bid/52981\", \"name\": \"http://www.securityfocus.com/bid/52981\", \"refsource\": \"MISC\"}, {\"url\": \"https://www.secureworks.com/research/transitive-trust\", \"name\": \"https://www.secureworks.com/research/transitive-trust\", \"refsource\": \"MISC\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"Cisco IronPort Web Security Appliance does not check for certificate revocation which could lead to MITM attacks\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"Security Bypass\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2012-1316\", \"STATE\": \"PUBLIC\", \"ASSIGNER\": \"psirt@cisco.com\"}}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2012-1316\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-11-15T17:48:40.917Z\", \"dateReserved\": \"2012-02-27T00:00:00\", \"assignerOrgId\": \"d1c1063e-7a18-46af-9102-31f8928bc633\", \"datePublished\": \"2020-01-15T13:11:31\", \"assignerShortName\": \"cisco\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

Cisco IronPort Web Security Appliance does not check for certificate revocation which could lead to MITM attacks. Cisco IronPort WSA failed to revoke certificates through the CRL (Certificate Revocation List) or OCSP (Online Certificate Status Protocol) standards. Even if the client certificate can be created under the proxy CA context if the server-side certificate is revoked, an attacker could exploit this vulnerability to perform a MITM attack using the revoked certificate. Successfully exploiting these issues will allow attackers to bypass security restrictions and perform unauthorized actions. The program offers features such as Web Reputation Filter (WBRS) and anti-malware scanning engine. A successful exploitation could allow the malicious user to access sensitive information using man-in-the-middle attacks. Proof-of-concept code that exploits this vulnerability is publicly available. Cisco has not confirmed the vulnerability and software updates are not available

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202001-0111",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "ironport web security appliance",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ironport web security appliance",
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "ironport web security appliance",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "7.x"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2012-1838"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-006563"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-1316"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:ironport_web_security_appliance:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2012-1316"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Jeff Jarmoc",
    "sources": [
      {
        "db": "BID",
        "id": "52981"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2012-1316",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.3,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2012-1316",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-54597",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 2.2,
            "impactScore": 3.6,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "High",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.9,
            "baseSeverity": "Medium",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2012-1316",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2012-1316",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201204-136",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-54597",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2012-1316",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-54597"
      },
      {
        "db": "VULMON",
        "id": "CVE-2012-1316"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-006563"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-1316"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201204-136"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco IronPort Web Security Appliance does not check for certificate revocation which could lead to MITM attacks. Cisco IronPort WSA failed to revoke certificates through the CRL (Certificate Revocation List) or OCSP (Online Certificate Status Protocol) standards. Even if the client certificate can be created under the proxy CA context if the server-side certificate is revoked, an attacker could exploit this vulnerability to perform a MITM attack using the revoked certificate. \nSuccessfully exploiting these issues will allow attackers to bypass security restrictions and perform unauthorized actions. The program offers features such as Web Reputation Filter (WBRS) and anti-malware scanning engine. \u00a0\u00a0A successful exploitation could allow the malicious user to access sensitive information using man-in-the-middle attacks. \nProof-of-concept code that exploits this vulnerability is publicly available. \nCisco has not confirmed the vulnerability and software updates are not available",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2012-1316"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-006563"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-1838"
      },
      {
        "db": "BID",
        "id": "52981"
      },
      {
        "db": "VULHUB",
        "id": "VHN-54597"
      },
      {
        "db": "VULMON",
        "id": "CVE-2012-1316"
      }
    ],
    "trust": 2.61
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2012-1316",
        "trust": 3.5
      },
      {
        "db": "BID",
        "id": "52981",
        "trust": 2.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-006563",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201204-136",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-1838",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-54597",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2012-1316",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2012-1838"
      },
      {
        "db": "VULHUB",
        "id": "VHN-54597"
      },
      {
        "db": "VULMON",
        "id": "CVE-2012-1316"
      },
      {
        "db": "BID",
        "id": "52981"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-006563"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-1316"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201204-136"
      }
    ]
  },
  "id": "VAR-202001-0111",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2012-1838"
      },
      {
        "db": "VULHUB",
        "id": "VHN-54597"
      }
    ],
    "trust": 0.06999999999999999
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2012-1838"
      }
    ]
  },
  "last_update_date": "2023-12-18T11:59:05.238000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "https://www.cisco.com/"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-006563"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-295",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-54597"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-006563"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-1316"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.6,
        "url": "https://www.secureworks.com/research/transitive-trust"
      },
      {
        "trust": 1.8,
        "url": "http://www.securityfocus.com/bid/52981"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1316"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-1316"
      },
      {
        "trust": 0.6,
        "url": "http://www.secureworks.com/research/threats/transitive-trust/http"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/en/us/products/ps10164/index.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.secureworks.com/research/threats/transitive-trust/"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/295.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=25647"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2012-1838"
      },
      {
        "db": "VULHUB",
        "id": "VHN-54597"
      },
      {
        "db": "VULMON",
        "id": "CVE-2012-1316"
      },
      {
        "db": "BID",
        "id": "52981"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-006563"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-1316"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201204-136"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2012-1838"
      },
      {
        "db": "VULHUB",
        "id": "VHN-54597"
      },
      {
        "db": "VULMON",
        "id": "CVE-2012-1316"
      },
      {
        "db": "BID",
        "id": "52981"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-006563"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-1316"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201204-136"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2012-04-12T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2012-1838"
      },
      {
        "date": "2020-01-15T00:00:00",
        "db": "VULHUB",
        "id": "VHN-54597"
      },
      {
        "date": "2020-01-15T00:00:00",
        "db": "VULMON",
        "id": "CVE-2012-1316"
      },
      {
        "date": "2012-04-11T00:00:00",
        "db": "BID",
        "id": "52981"
      },
      {
        "date": "2020-02-06T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2012-006563"
      },
      {
        "date": "2020-01-15T14:15:11.623000",
        "db": "NVD",
        "id": "CVE-2012-1316"
      },
      {
        "date": "2012-04-12T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201204-136"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2012-04-12T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2012-1838"
      },
      {
        "date": "2020-01-23T00:00:00",
        "db": "VULHUB",
        "id": "VHN-54597"
      },
      {
        "date": "2020-01-23T00:00:00",
        "db": "VULMON",
        "id": "CVE-2012-1316"
      },
      {
        "date": "2012-04-11T00:00:00",
        "db": "BID",
        "id": "52981"
      },
      {
        "date": "2020-02-06T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2012-006563"
      },
      {
        "date": "2020-01-23T03:24:27.427000",
        "db": "NVD",
        "id": "CVE-2012-1316"
      },
      {
        "date": "2020-05-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201204-136"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201204-136"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco IronPort Web Security Appliance Vulnerabilities in certificate validation",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-006563"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "input validation error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201204-136"
      }
    ],
    "trust": 0.6
  }
}

ghsa-mp65-95xh-r2ch

Vulnerability from github

Published

2022-04-23 00:40

Modified

2024-04-03 23:53

Severity ?

5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Details

Cisco IronPort Web Security Appliance does not check for certificate revocation which could lead to MITM attacks

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2012-1316"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-01-15T14:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Cisco IronPort Web Security Appliance does not check for certificate revocation which could lead to MITM attacks",
  "id": "GHSA-mp65-95xh-r2ch",
  "modified": "2024-04-03T23:53:12Z",
  "published": "2022-04-23T00:40:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-1316"
    },
    {
      "type": "WEB",
      "url": "https://www.secureworks.com/research/transitive-trust"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/52981"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

cve-2012-1316

Vulnerability from fkie_nvd

Published

2020-01-15 14:15

Modified

2024-11-21 01:36

Severity ?

5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Summary

Cisco IronPort Web Security Appliance does not check for certificate revocation which could lead to MITM attacks

References

URL	Tags
ykramarz@cisco.com	http://www.securityfocus.com/bid/52981	Third Party Advisory, VDB Entry
ykramarz@cisco.com	https://www.secureworks.com/research/transitive-trust	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/52981	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://www.secureworks.com/research/transitive-trust	Third Party Advisory

Impacted products

	Vendor	Product	Version
	cisco	ironport_web_security_appliance	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:ironport_web_security_appliance:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9E64F62-07C0-42BA-BABA-E3243F6E924A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cisco IronPort Web Security Appliance does not check for certificate revocation which could lead to MITM attacks"
    },
    {
      "lang": "es",
      "value": "Cisco IronPort Web Security Appliance no comprueba la revocaci\u00f3n del certificado, lo que podr\u00eda conllevar a ataques de tipo MITM."
    }
  ],
  "id": "CVE-2012-1316",
  "lastModified": "2024-11-21T01:36:49.013",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-01-15T14:15:11.623",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/52981"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.secureworks.com/research/transitive-trust"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/52981"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.secureworks.com/research/transitive-trust"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-295"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

gsd-2012-1316

Vulnerability from gsd

Modified

2023-12-13 01:20

Details

Cisco IronPort Web Security Appliance does not check for certificate revocation which could lead to MITM attacks

Aliases

CVE-2012-1316

Aliases

CVE-2012-1316

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2012-1316",
    "description": "Cisco IronPort Web Security Appliance does not check for certificate revocation which could lead to MITM attacks",
    "id": "GSD-2012-1316"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2012-1316"
      ],
      "details": "Cisco IronPort Web Security Appliance does not check for certificate revocation which could lead to MITM attacks",
      "id": "GSD-2012-1316",
      "modified": "2023-12-13T01:20:17.731610Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@cisco.com",
        "ID": "CVE-2012-1316",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "IronPort Web Security Appliance",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "through at least 2012-04-11"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Cisco"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Cisco IronPort Web Security Appliance does not check for certificate revocation which could lead to MITM attacks"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Security Bypass"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://www.securityfocus.com/bid/52981",
            "refsource": "MISC",
            "url": "http://www.securityfocus.com/bid/52981"
          },
          {
            "name": "https://www.secureworks.com/research/transitive-trust",
            "refsource": "MISC",
            "url": "https://www.secureworks.com/research/transitive-trust"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:ironport_web_security_appliance:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2012-1316"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Cisco IronPort Web Security Appliance does not check for certificate revocation which could lead to MITM attacks"
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-295"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.securityfocus.com/bid/52981",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/52981"
            },
            {
              "name": "https://www.secureworks.com/research/transitive-trust",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://www.secureworks.com/research/transitive-trust"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 2.2,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2020-01-23T03:24Z",
      "publishedDate": "2020-01-15T14:15Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

cve-2012-1316

Vulnerability from cvelistv5

var-202001-0111

Vulnerability from variot

ghsa-mp65-95xh-r2ch

Vulnerability from github

cve-2012-1316

Vulnerability from fkie_nvd

gsd-2012-1316

Vulnerability from gsd

Tags

Sightings

Nomenclature