Vulnerability Description
The BreakingPoint Storm appliance before 3.0 requires cleartext credentials for establishing a session from a GUI administrative client, which allows remote attackers to obtain sensitive information by sniffing the network for XML documents.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Breakingpointsystems | Breakingpoint Storm Appliance Ctm | <= 2.0 |
| Breakingpointsystems | Breakingpoint Storm Appliance | - |
Related Weaknesses (CWE)
References
- http://www.kb.cert.org/vuls/id/520430US Government Resource
- http://www.kb.cert.org/vuls/id/MAPG-8GANCCUS Government Resource
- http://www.secureworks.com/research/advisories/SWRX-2012-006/
- http://www.kb.cert.org/vuls/id/520430US Government Resource
- http://www.kb.cert.org/vuls/id/MAPG-8GANCCUS Government Resource
- http://www.secureworks.com/research/advisories/SWRX-2012-006/
FAQ
What is CVE-2012-2964?
CVE-2012-2964 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The BreakingPoint Storm appliance before 3.0 requires cleartext credentials for establishing a session from a GUI administrative client, which allows remote attackers to obtain sensitive information b...
How severe is CVE-2012-2964?
CVE-2012-2964 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-2964?
Check the references section above for vendor advisories and patch information. Affected products include: Breakingpointsystems Breakingpoint Storm Appliance Ctm, Breakingpointsystems Breakingpoint Storm Appliance.