Vulnerability Details : CVE-2017-8006
In EMC RSA Authentication Manager 8.2 SP1 Patch 1 and earlier, a malicious user logged into the Self-Service Console of RSA Authentication Manager as a target user can use a brute force attack to attempt to identify that user's PIN. The malicious user could potentially reset the compromised PIN to affect victim's ability to obtain access to protected resources.
Vulnerability category: BypassGain privilege
Products affected by CVE-2017-8006
- cpe:2.3:a:emc:rsa_authentication_manager:*:sp1:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-8006
0.23%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 61 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-8006
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P |
8.6
|
2.9
|
NIST | |
5.9
|
MEDIUM | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H |
2.2
|
3.6
|
NIST |
CWE ids for CVE-2017-8006
-
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-8006
-
http://seclists.org/fulldisclosure/2017/Jul/23
Full Disclosure: ESA-2017-084: RSA® Authentication Manager Self-Service Console Brute Force PIN-Guessing VulnerabilityMailing List;Third Party Advisory
-
http://www.securityfocus.com/bid/99554
EMC RSA Authentication Manager CVE-2017-8006 Brute Force Authentication Bypass VulnerabilityThird Party Advisory;VDB Entry
-
http://www.securitytracker.com/id/1038879
RSA Authentication Manager Self-Service Console PIN Guessing Lets Remote Users Deny Service - SecurityTrackerThird Party Advisory;VDB Entry
Jump to