Vulnerability Description
Secure Elements Class 5 AVR (aka C5 EVM) 2.8.1 and earlier, and possibly later 2.8.x releases, uses the same initialization vector and key for each message session, which allows remote attackers to obtain potentially sensitive information about messages.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Secure Elements | Class 5 Enterprise Vulnerability Management | 2.8.0 |
References
- http://secunia.com/advisories/20377
- http://securitytracker.com/id?1016184
- http://www.kb.cert.org/vuls/id/346377Third Party AdvisoryUS Government Resource
- http://www.kb.cert.org/vuls/id/WDON-6QAQN6
- http://www.vupen.com/english/advisories/2006/2068
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26740
- http://secunia.com/advisories/20377
- http://securitytracker.com/id?1016184
- http://www.kb.cert.org/vuls/id/346377Third Party AdvisoryUS Government Resource
- http://www.kb.cert.org/vuls/id/WDON-6QAQN6
- http://www.vupen.com/english/advisories/2006/2068
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26740
FAQ
What is CVE-2006-2711?
CVE-2006-2711 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Secure Elements Class 5 AVR (aka C5 EVM) 2.8.1 and earlier, and possibly later 2.8.x releases, uses the same initialization vector and key for each message session, which allows remote attackers to ob...
How severe is CVE-2006-2711?
CVE-2006-2711 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-2711?
Check the references section above for vendor advisories and patch information. Affected products include: Secure Elements Class 5 Enterprise Vulnerability Management.