CVE-2011-2741

EMC RSA Adaptive Authentication On-Premise (AAOP) 6.0.2.1 SP1 Patch 2, SP1 Patch 3, SP2, SP2 Patch 1, and SP3 does not properly implement Device Recovery and Device Identification, which might allow remote attackers to bypass intended security restrictions on a (1) previously non-registered device or (2) registered device by sending unspecified "data elements."

CVSS v2.0 6.8 MEDIUM

6.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.securityfocus.com/archive/1/520850
http://www.securitytracker.com/id?1026420

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:emc:rsa_adaptive_authentication_on-premise:6.0.2.1:sp1_patch2::::::
	cpe:2.3:a:emc:rsa_adaptive_authentication_on-premise:6.0.2.1:sp1_patch3::::::
	cpe:2.3:a:emc:rsa_adaptive_authentication_on-premise:6.0.2.1:sp2::::::
	cpe:2.3:a:emc:rsa_adaptive_authentication_on-premise:6.0.2.1:sp2_patch1::::::
	cpe:2.3:a:emc:rsa_adaptive_authentication_on-premise:6.0.2.1:sp3::::::

Information

Published : 2011-12-14 03:55

Updated : 2012-01-23 20:00

NVD link : CVE-2011-2741

Mitre link : CVE-2011-2741

JSON object : View

CWE

CWE-264

Permissions, Privileges, and Access Controls

Advertisement

Products Affected

emc

rsa_adaptive_authentication_on-premise

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.securityfocus.com/archive/1/520850", "name": "20111212 ESA-2011-036: RSA, The Security Division of EMC, announces the release of a Security Fix for RSA(r) Adaptive Authentication (On-Premise)", "tags": [], "refsource": "BUGTRAQ"}, {"url": "http://www.securitytracker.com/id?1026420", "name": "1026420", "tags": [], "refsource": "SECTRACK"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "EMC RSA Adaptive Authentication On-Premise (AAOP) 6.0.2.1 SP1 Patch 2, SP1 Patch 3, SP2, SP2 Patch 1, and SP3 does not properly implement Device Recovery and Device Identification, which might allow remote attackers to bypass intended security restrictions on a (1) previously non-registered device or (2) registered device by sending unspecified \"data elements.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-264"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2011-2741", "ASSIGNER": "secure@dell.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2011-12-14T11:55Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:emc:rsa_adaptive_authentication_on-premise:6.0.2.1:sp1_patch2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:emc:rsa_adaptive_authentication_on-premise:6.0.2.1:sp1_patch3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:emc:rsa_adaptive_authentication_on-premise:6.0.2.1:sp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:emc:rsa_adaptive_authentication_on-premise:6.0.2.1:sp2_patch1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:emc:rsa_adaptive_authentication_on-premise:6.0.2.1:sp3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2012-01-24T04:00Z"}