CVE-2013-3280 : EMC RSA Authentication Agent 7.1.x before 7.1.2 for Web for Internet Information Services has a fail-open design, which

EMC RSA Authentication Agent 7.1.x before 7.1.2 for Web for Internet Information Services has a fail-open design, which allows remote attackers to bypass intended access restrictions via vectors that trigger an agent crash.

Published 2013-10-25 03:52:55

Updated 2013-10-25 19:00:46

Source Dell

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2013-3280

Probability of exploitation activity in the next 30 days: 0.37%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 72 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2013-3280

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P	10.0	6.4	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

CWE ids for CVE-2013-3280

CWE-264

Assigned by: nvd@nist.gov (Primary)

References for CVE-2013-3280

http://archives.neohapsis.com/archives/bugtraq/2013-10/0115.html

Products affected by CVE-2013-3280

EMC » Rsa Authentication Agent » Version: 7.1
cpe:2.3:a:emc:rsa_authentication_agent:7.1:*:*:*:*:*:*:*
Matching versions
EMC » Rsa Authentication Agent » Version: 7.1.1
cpe:2.3:a:emc:rsa_authentication_agent:7.1.1:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2013-3280

Exploit prediction scoring system (EPSS) score for CVE-2013-3280

CVSS scores for CVE-2013-3280

CWE ids for CVE-2013-3280

References for CVE-2013-3280

Products affected by CVE-2013-3280