EMC RSA Adaptive Authentication On-Premise 6.0.2.1 improper authentication
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 7.6 | $0-$5k | 0.00 |
Summary
A vulnerability marked as problematic has been reported in EMC RSA Adaptive Authentication On-Premise 6.0.2.1. Affected is an unknown function of the component Adaptive Authentication. This manipulation causes improper authentication. This vulnerability is handled as CVE-2011-2733. There is not any exploit available.
Details
A vulnerability classified as critical was found in EMC RSA Adaptive Authentication On-Premise 6.0.2.1. Affected by this vulnerability is an unknown code of the component Adaptive Authentication. The manipulation with an unknown input leads to a improper authentication vulnerability. The CWE definition for the vulnerability is CWE-287. When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct. As an impact it is known to affect confidentiality, integrity, and availability. The summary by CVE is:
EMC RSA Adaptive Authentication On-Premise (AAOP) 6.0.2.1 SP1 Patch 2, SP1 Patch 3, SP2, SP2 Patch 1, and SP3 does not prevent reuse of authentication information during a session, which allows remote authenticated users to bypass intended access restrictions via vectors related to knowledge of the originally used authentication information and unspecified other session information.
The weakness was released 08/18/2011 (Website). The advisory is shared at securityfocus.com. This vulnerability is known as CVE-2011-2733 since 07/13/2011. The attack can be launched remotely. A single authentication is needed for exploitation. Neither technical details nor an exploit are publicly available.
There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.
The vulnerability is also documented in the vulnerability database at SecurityFocus (BID 49574†). Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
Product
Vendor
Name
Version
License
Website
- Vendor: https://www.dellemc.com/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 7.6VulDB Meta Temp Score: 7.6
VulDB Base Score: 7.6
VulDB Temp Score: 7.6
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Improper authenticationCWE: CWE-287
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: no mitigation knownStatus: 🔍
0-Day Time: 🔍
Timeline
07/13/2011 🔍08/18/2011 🔍
08/18/2011 🔍
09/12/2011 🔍
03/23/2015 🔍
01/15/2018 🔍
Sources
Vendor: dellemc.comAdvisory: securityfocus.com⛔
Status: Not defined
CVE: CVE-2011-2733 (🔍)
GCVE (CVE): GCVE-0-2011-2733
GCVE (VulDB): GCVE-100-58321
SecurityFocus: 49574 - EMC Avamar Privilege Enforcement Security Bypass Vulnerability
Entry
Created: 03/23/2015 16:50Updated: 01/15/2018 11:43
Changes: 03/23/2015 16:50 (46), 01/15/2018 11:43 (4)
Complete: 🔍
Cache ID: 216::103
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
No comments yet. Languages: en.
Please log in to comment.