CVE-2012-3408

{"id": "CVE-2012-3408", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.6, "accessVector": "NETWORK", "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "HIGH", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 4.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2012-08-06T16:55:05.133", "references": [{"url": "http://puppetlabs.com/security/cve/cve-2012-3408/", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=839166", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://github.com/puppetlabs/puppet/commit/ab9150baa1b738467a33b01df1d90e076253fbbd", "tags": ["Exploit", "Patch", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://puppetlabs.com/security/cve/cve-2012-3408/", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=839166", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/puppetlabs/puppet/commit/ab9150baa1b738467a33b01df1d90e076253fbbd", "tags": ["Exploit", "Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "lib/puppet/network/authstore.rb in Puppet before 2.7.18, and Puppet Enterprise before 2.5.2, supports use of IP addresses in certnames without warning of potential risks, which might allow remote attackers to spoof an agent by acquiring a previously used IP address."}, {"lang": "es", "value": "lib/puppet/network/authstore.rb en Puppet anterior a v2.7.18, y Puppet Enterprise anterior a v2.5.2, compatible con el uso de direcciones IP en certnames sin previo aviso de los riesgos potenciales, podr\u00edan permitir a atacantes remotos falsificar un agente mediante la adquisici\u00f3n de una direcci\u00f3n IP previamente utilizada."}], "lastModified": "2024-11-21T01:40:48.643", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "346F9C04-73F0-4244-9086-C16C981C92D1", "versionEndExcluding": "2.5.2"}, {"criteria": "cpe:2.3:a:puppetlabs:puppet:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "05782A68-DC7C-49D0-847A-F64A5C9F7DDB", "versionEndExcluding": "2.7.18"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}