Vulnerability Description
Mesh OS before 7.9.1.1 on Tropos wireless mesh routers does not use a sufficient source of entropy for SSH keys, which makes it easier for man-in-the-middle attackers to spoof a device or modify a client-server data stream by leveraging knowledge of a key from a product installation elsewhere.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Tropos | Mesh OS | <= 7.9.1 |
| Tropos | 1310 Distribution Automation Mesh Router | - |
| Tropos | 1410 Mesh Router | - |
| Tropos | 1410 Wireless Mesh Router | - |
| Tropos | 3310 Indoor Mesh Router | - |
| Tropos | 3320 Indoor Mesh Router | - |
| Tropos | 4310 Mobile Mesh Router | - |
| Tropos | 6310 Mesh Router | - |
| Tropos | 6320 Mesh Router | - |
Related Weaknesses (CWE)
References
- https://www.cisa.gov/news-events/ics-advisories/icsa-12-297-01
- http://www.us-cert.gov/control_systems/pdf/ICSA-12-297-01.pdf (US Government Resource)
FAQ
What is CVE-2012-4898?
CVE-2012-4898 is a vulnerability with a CVSS score of 6.1 (MEDIUM). Mesh OS before 7.9.1.1 on Tropos wireless mesh routers does not use a sufficient source of entropy for SSH keys, which makes it easier for man-in-the-middle attackers to spoof a device or modify a cli...
How severe is CVE-2012-4898?
CVE-2012-4898 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2012-4898?
Check the references section above for vendor advisories and patch information. Affected products include: Tropos Mesh OS, Tropos 1310 Distribution Automation Mesh Router, Tropos 1410 Mesh Router, Tropos 1410 Wireless Mesh Router, Tropos 3310 Indoor Mesh Router.