CVE-2017-8006
low-risk
Published 2017-07-17
In EMC RSA Authentication Manager 8.2 SP1 Patch 1 and earlier, a malicious user logged into the Self-Service Console of RSA Authentication Manager as a target user can use a brute force attack to attempt to identify that user's PIN. The malicious user could potentially reset the compromised PIN to affect victim's ability to obtain access to protected resources.
Do I need to act?
-
0.97% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.9/10
Medium
NETWORK
/ HIGH complexity
Affected Products (1)
Rsa Authentication Manager
Affected Vendors
References (6)
Mailing List
http://seclists.org/fulldisclosure/2017/Jul/23
Third Party Advisory
http://www.securityfocus.com/bid/99554
Third Party Advisory
http://www.securitytracker.com/id/1038879
Mailing List
http://seclists.org/fulldisclosure/2017/Jul/23
Third Party Advisory
http://www.securityfocus.com/bid/99554
Third Party Advisory
http://www.securitytracker.com/id/1038879
26
/ 100
low-risk
Severity
18/34 · Moderate
Exploitability
3/34 · Minimal
Exposure
5/34 · Minimal