Lucene search

[email protected]CVE-2012-4587

HistoryAug 22, 2012 - 10:42 a.m.

CVE-2012-4587

2012-08-2210:42:05

CWE-264

[email protected]

web.nvd.nist.gov

cve-2012-4587

nvd

mcafee

emm

agent

server

dns

srv

vulnerability

otp

remote attackers

spoofing

ios

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:N/A:N

6.7 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

53.3%

JSON

McAfee Enterprise Mobility Manager (EMM) Agent before 4.8 and Server before 10.1, when one-time provisioning (OTP) mode is enabled, have an improper dependency on DNS SRV records, which makes it easier for remote attackers to discover user passwords by spoofing the EMM server, as demonstrated by a password entered on an iOS device.

Affected configurations

NVD

Node

mcafeeenterprise_mobility_managerRange≤4.7

mcafeeenterprise_mobility_manager_agentRange≤10.0

CPENameOperatorVersion
mcafee:enterprise_mobility_managermcafee enterprise mobility managerle4.7
mcafee:enterprise_mobility_manager_agentmcafee enterprise mobility manager agentle10.0

CPE	Name	Operator	Version
mcafee:enterprise_mobility_manager	mcafee enterprise mobility manager	le	4.7
mcafee:enterprise_mobility_manager_agent	mcafee enterprise mobility manager agent	le	10.0

References

exchange.xforce.ibmcloud.com/vulnerabilities/78130

kc.mcafee.com/corporate/index?page=content&id=SB10021

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:N/A:N

6.7 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

53.3%

JSON

Related for CVE-2012-4587

cvelist1 nvd1 prion1