Vulnerability CVE-2012-4898


Published: 2012-12-18

Description:
Mesh OS before 7.9.1.1 on Tropos wireless mesh routers does not use a sufficient source of entropy for SSH keys, which makes it easier for man-in-the-middle attackers to spoof a device or modify a client-server data stream by leveraging knowledge of a key from a product installation elsewhere.

Type:

CWE-310

(Cryptographic Issues)

CVSS2 => (AV:N/AC:H/Au:N/C:C/I:P/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6.1/10
7.8/10
4.9/10
Exploit range
Attack complexity
Authentication
Remote
High
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Partial
None
Affected software
Tropos -> 1310 distrubution automation mesh router 
Tropos -> 1410 mesh router 
Tropos -> 1410 wireless mesh router 
Tropos -> 3310 indoor mesh router 
Tropos -> 3320 indoor mesh router 
Tropos -> 4310 mobile mesh router 
Tropos -> 6310 mesh router 
Tropos -> 6320 mesh router 
Tropos -> Mesh os 

 References:
http://www.us-cert.gov/control_systems/pdf/ICSA-12-297-01.pdf

Copyright 2024, cxsecurity.com

 

Back to Top