CVE-2012-3006 : The Innominate mGuard Smart HW before HW-101130 and BD before BD-101030, mGuard

The Innominate mGuard Smart HW before HW-101130 and BD before BD-101030, mGuard industrial RS, mGuard delta HW before HW-103060 and BD before BD-211010, mGuard PCI, mGuard blade, and EAGLE mGuard appliances with software before 7.5.0 do not use a sufficient source of entropy for private keys, which makes it easier for man-in-the-middle attackers to spoof (1) HTTPS or (2) SSH servers by predicting a key value.

Published 2012-06-19 18:55:01

Updated 2025-04-11 00:51:22

Source ICS-CERT

View at NVD, CVE.org

Products affected by CVE-2012-3006

Innominate » Mguard Firmware
Versions before (<) 7.5.0
cpe:2.3:o:innominate:mguard_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Innominate » Eagle Mguard Bd-301010 » Version: N/A
When used together with: Innominate » Eagle Mguard Hw-201000 » Version: N/A
When used together with: Innominate » Mguard Blade Hw-104020 » Version: N/A
When used together with: Innominate » Mguard Blade Hw-104050 » Version: N/A
When used together with: Innominate » Mguard Delta Bd-201000 » Version: N/A
When used together with: Innominate » Mguard Delta Hw-103050 » Version: N/A
When used together with: Innominate » Mguard Industrial Rs Bd-501000 » Version: N/A
When used together with: Innominate » Mguard Industrial Rs Bd-501010 » Version: N/A
When used together with: Innominate » Mguard Industrial Rs Bd-501020 » Version: N/A
When used together with: Innominate » Mguard Industrial Rs Hw-105000 » Version: N/A
When used together with: Innominate » Mguard Pci Bd-111010 » Version: N/A
When used together with: Innominate » Mguard Pci Bd-111020 » Version: N/A
When used together with: Innominate » Mguard Pci Hw-102020 » Version: N/A
When used together with: Innominate » Mguard Pci Hw-102050 » Version: N/A
When used together with: Innominate » Mguard Smart Bd-101010 » Version: N/A
When used together with: Innominate » Mguard Smart Bd-101020 » Version: N/A
When used together with: Innominate » Mguard Smart Hw-101020 » Version: N/A
When used together with: Innominate » Mguard Smart Hw-101050 » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2012-3006

EPSS FAQ

0.54%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 65 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2012-3006

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
7.1	HIGH	AV:N/AC:H/Au:S/C:C/I:C/A:C	3.9	10.0	NIST
Access Vector: Network Access Complexity: High Authentication: Single Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2012-3006

CWE-310

Assigned by: nvd@nist.gov (Primary)

References for CVE-2012-3006

http://www.innominate.com/data/downloads/software/innominate_security_advisory_20120614_001.pdf

Vendor Advisory
http://www.us-cert.gov/control_systems/pdf/ICSA-12-167-01.pdf

404 - File Not Found | CISA
Broken Link;Third Party Advisory;US Government Resource
https://freedom-to-tinker.com/blog/nadiah/new-research-theres-no-need-panic-over-factorable-keys-just-mind-your-ps-and-qs

New research: There's no need to panic over factorable keys–just mind your Ps and Qs
Not Applicable

Jump to

Vulnerability Details : CVE-2012-3006

Products affected by CVE-2012-3006

Exploit prediction scoring system (EPSS) score for CVE-2012-3006

CVSS scores for CVE-2012-3006

CWE ids for CVE-2012-3006

References for CVE-2012-3006