Vulnerabilities > CVE-2013-4218 - Cryptographic Issues vulnerability in Intel Wimax Network Service 1.5.0/1.5.2

047910
CVSS 2.1 - LOW
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
local
low complexity
intel
CWE-310

Summary

The InitMethodAndPassword function in InfraStack/OSAgnostic/WiMax/Agents/Supplicant/Source/SupplicantAgent.c in the Intel WiMAX Network Service through 1.5.2 for Intel Wireless WiMAX Connection 2400 devices uses the same RSA private key in supplicant_key.pem on all systems, which allows local users to obtain sensitive information via unspecified decryption operations.

Vulnerable Configurations

Part Description Count
Application
Intel
2

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Signature Spoofing by Key Recreation
    An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.

Seebug

bulletinFamilyexploit
descriptionCVE ID:CVE-2013-4218 JBOSS是一个基于J2EE的开放源代码的应用服务器 通过remote-naming把已验证连接缓存在服务器上时存在一个漏洞,在用户成功登录后,远程攻击者可使用remoting客户端需要密码以该用户身份登录,允许以该用户上下文执行任意操作或访问数据 0 JBoss Enterprise Application Platform 6.1.0 厂商解决方案 用户可参考如下厂商提供的安全公告获得补丁信息: http://rhn.redhat.com/errata/RHSA-2013-1151.html http://rhn.redhat.com/errata/RHSA-2013-1152.html
idSSV:60975
last seen2017-11-19
modified2013-08-27
published2013-08-27
reporterRoot
titleJBoss Enterprise Application Platform Remote-Naming连接处理验证绕过漏洞