Vulnerability Description
The Innominate mGuard Smart HW before HW-101130 and BD before BD-101030, mGuard industrial RS, mGuard delta HW before HW-103060 and BD before BD-211010, mGuard PCI, mGuard blade, and EAGLE mGuard appliances with software before 7.5.0 do not use a sufficient source of entropy for private keys, which makes it easier for man-in-the-middle attackers to spoof (1) HTTPS or (2) SSH servers by predicting a key value.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Innominate | Mguard Firmware | < 7.5.0 |
| Innominate | Eagle Mguard Bd-301010 | - |
| Innominate | Eagle Mguard Hw-201000 | - |
| Innominate | Mguard Blade Hw-104020 | - |
| Innominate | Mguard Blade Hw-104050 | - |
| Innominate | Mguard Delta Bd-201000 | - |
| Innominate | Mguard Delta Hw-103050 | - |
| Innominate | Mguard Industrial Rs Bd-501000 | - |
| Innominate | Mguard Industrial Rs Bd-501010 | - |
| Innominate | Mguard Industrial Rs Bd-501020 | - |
| Innominate | Mguard Industrial Rs Hw-105000 | - |
| Innominate | Mguard Pci Bd-111010 | - |
| Innominate | Mguard Pci Bd-111020 | - |
| Innominate | Mguard Pci Hw-102020 | - |
| Innominate | Mguard Pci Hw-102050 | - |
| Innominate | Mguard Smart Bd-101010 | - |
| Innominate | Mguard Smart Bd-101020 | - |
| Innominate | Mguard Smart Hw-101020 | - |
| Innominate | Mguard Smart Hw-101050 | - |
References
- http://www.innominate.com/data/downloads/software/innominate_security_advisory_2 (Vendor Advisory)
- http://www.us-cert.gov/control_systems/pdf/ICSA-12-167-01.pdf (Broken Link, Third Party Advisory, US Government Resource)
- https://freedom-to-tinker.com/blog/nadiah/new-research-theres-no-need-panic-over (Not Applicable)
FAQ
What is CVE-2012-3006?
CVE-2012-3006 is a vulnerability with a CVSS score of 7.1 (HIGH). The Innominate mGuard Smart HW before HW-101130 and BD before BD-101030, mGuard industrial RS, mGuard delta HW before HW-103060 and BD before BD-211010, mGuard PCI, mGuard blade, and EAGLE mGuard appl...
How severe is CVE-2012-3006?
CVE-2012-3006 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2012-3006?
Check the references section above for vendor advisories and patch information. Affected products include: Innominate Mguard Firmware, Innominate Eagle Mguard Bd-301010, Innominate Eagle Mguard Hw-201000, Innominate Mguard Blade Hw-104020, Innominate Mguard Blade Hw-104050.