Vulnerability Details : CVE-2012-2287
The authentication functionality in EMC RSA Authentication Agent 7.1 and RSA Authentication Client 3.5 on Windows XP and Windows Server 2003, when an unspecified configuration exists, allows remote authenticated users to bypass an intended token-authentication step, and establish a login session to a remote host, by leveraging Windows credentials for that host.
Vulnerability category: BypassGain privilege
Exploit prediction scoring system (EPSS) score for CVE-2012-2287
Probability of exploitation activity in the next 30 days: 0.35%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 68 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2012-2287
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
8.5
|
HIGH | AV:N/AC:M/Au:S/C:C/I:C/A:C |
6.8
|
10.0
|
NIST |
CWE ids for CVE-2012-2287
-
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-2287
-
http://archives.neohapsis.com/archives/bugtraq/2012-09/0102.html
Vendor Advisory
-
http://www.securityfocus.com/bid/55662
Multiple RSA Products Authentication Bypass Vulnerability
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/78802
RSA Authentication Agent and RSA Authentication Client security bypass CVE-2012-2287 Vulnerability Report
Products affected by CVE-2012-2287
- cpe:2.3:a:emc:rsa_authentication_agent:7.1:*:*:*:*:*:*:*When used together with: Microsoft » Windows Server 2003
- cpe:2.3:a:emc:rsa_authentication_client:3.5:*:*:*:*:*:*:*When used together with: Microsoft » Windows Server 2003