Vulnerabilites related to innominate - mguard_firmware
CVE-2012-3006 (GCVE-0-2012-3006)
Vulnerability from cvelistv5
Published
2012-06-19 18:00
Modified
2024-09-16 23:11
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The Innominate mGuard Smart HW before HW-101130 and BD before BD-101030, mGuard industrial RS, mGuard delta HW before HW-103060 and BD before BD-211010, mGuard PCI, mGuard blade, and EAGLE mGuard appliances with software before 7.5.0 do not use a sufficient source of entropy for private keys, which makes it easier for man-in-the-middle attackers to spoof (1) HTTPS or (2) SSH servers by predicting a key value.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:50:05.421Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://freedom-to-tinker.com/blog/nadiah/new-research-theres-no-need-panic-over-factorable-keys-just-mind-your-ps-and-qs"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.innominate.com/data/downloads/software/innominate_security_advisory_20120614_001.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-167-01.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Innominate mGuard Smart HW before HW-101130 and BD before BD-101030, mGuard industrial RS, mGuard delta HW before HW-103060 and BD before BD-211010, mGuard PCI, mGuard blade, and EAGLE mGuard appliances with software before 7.5.0 do not use a sufficient source of entropy for private keys, which makes it easier for man-in-the-middle attackers to spoof (1) HTTPS or (2) SSH servers by predicting a key value."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-06-19T18:00:00Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://freedom-to-tinker.com/blog/nadiah/new-research-theres-no-need-panic-over-factorable-keys-just-mind-your-ps-and-qs"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.innominate.com/data/downloads/software/innominate_security_advisory_20120614_001.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-167-01.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2012-3006",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Innominate mGuard Smart HW before HW-101130 and BD before BD-101030, mGuard industrial RS, mGuard delta HW before HW-103060 and BD before BD-211010, mGuard PCI, mGuard blade, and EAGLE mGuard appliances with software before 7.5.0 do not use a sufficient source of entropy for private keys, which makes it easier for man-in-the-middle attackers to spoof (1) HTTPS or (2) SSH servers by predicting a key value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://freedom-to-tinker.com/blog/nadiah/new-research-theres-no-need-panic-over-factorable-keys-just-mind-your-ps-and-qs",
"refsource": "MISC",
"url": "https://freedom-to-tinker.com/blog/nadiah/new-research-theres-no-need-panic-over-factorable-keys-just-mind-your-ps-and-qs"
},
{
"name": "http://www.innominate.com/data/downloads/software/innominate_security_advisory_20120614_001.pdf",
"refsource": "CONFIRM",
"url": "http://www.innominate.com/data/downloads/software/innominate_security_advisory_20120614_001.pdf"
},
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-167-01.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-167-01.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2012-3006",
"datePublished": "2012-06-19T18:00:00Z",
"dateReserved": "2012-05-30T00:00:00Z",
"dateUpdated": "2024-09-16T23:11:27.552Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-9193 (GCVE-0-2014-9193)
Vulnerability from cvelistv5
Published
2014-12-20 00:00
Modified
2025-07-28 20:35
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
Innominate mGuard with firmware before 7.6.6 and 8.x before 8.1.4 allows remote authenticated admins to obtain root privileges by changing a PPP configuration setting.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Innominate | mGuard |
Version: 0 < |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:40:24.558Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.innominate.com/data/downloads/software/innominate_security_advisory_20141217_001_en.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-352-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "mGuard",
"vendor": "Innominate",
"versions": [
{
"lessThanOrEqual": "8.1.3",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "7.6.6"
},
{
"status": "unaffected",
"version": "8.1.4"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Innominate Security Technologies has identified a privilege escalation vulnerability affecting all mGuard devices."
}
],
"datePublic": "2014-12-17T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eInnominate mGuard with firmware before 7.6.6 and 8.x before 8.1.4 allows remote authenticated admins to obtain root privileges by changing a PPP configuration setting.\u003c/p\u003e"
}
],
"value": "Innominate mGuard with firmware before 7.6.6 and 8.x before 8.1.4 allows remote authenticated admins to obtain root privileges by changing a PPP configuration setting."
}
],
"metrics": [
{
"cvssV2_0": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 8.5,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-28T20:35:16.302Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.innominate.com/data/downloads/software/innominate_security_advisory_20141217_001_en.pdf"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-352-02"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eInnominate has released firmware patches Version 7.6.6 and Version \n8.1.4 that mitigates the vulnerability in the mGuard firmware Version 7 \nand Version 8, respectively. Innominate recommends that customers using \nfirmware versions older than Version 7, which are no longer being \nmaintained, should upgrade to mGuard firmware Version 7.6.6 or Version \n8.1.4. Innominate also recommends that customers limit access to the \nadministrative interfaces to a minimum via firewall rules.\u003c/p\u003e\n\u003cp\u003eFor additional information on the vulnerability, Innominate\u2019s security advisory is available on its web site at:\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://www.innominate.com/en/downloads/security-advisories\"\u003ehttp://www.innominate.com/en/downloads/security-advisories\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eInnominate\u2019s firmware updates are available on its web site at:\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://www.innominate.com/en/downloads/updates\"\u003ehttp://www.innominate.com/en/downloads/updates\u003c/a\u003e\u0026nbsp;\u0026nbsp;\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "Innominate has released firmware patches Version 7.6.6 and Version \n8.1.4 that mitigates the vulnerability in the mGuard firmware Version 7 \nand Version 8, respectively. Innominate recommends that customers using \nfirmware versions older than Version 7, which are no longer being \nmaintained, should upgrade to mGuard firmware Version 7.6.6 or Version \n8.1.4. Innominate also recommends that customers limit access to the \nadministrative interfaces to a minimum via firewall rules.\n\n\nFor additional information on the vulnerability, Innominate\u2019s security advisory is available on its web site at:\n\n http://www.innominate.com/en/downloads/security-advisories \n\n\nInnominate\u2019s firmware updates are available on its web site at:\n\n http://www.innominate.com/en/downloads/updates"
}
],
"source": {
"advisory": "ICSA-14-352-02",
"discovery": "INTERNAL"
},
"title": "Innominate mGuard Improper Privilege Management",
"x_generator": {
"engine": "Vulnogram 0.2.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2014-9193",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Innominate mGuard with firmware before 7.6.6 and 8.x before 8.1.4 allows remote authenticated admins to obtain root privileges by changing a PPP configuration setting."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.innominate.com/data/downloads/software/innominate_security_advisory_20141217_001_en.pdf",
"refsource": "CONFIRM",
"url": "http://www.innominate.com/data/downloads/software/innominate_security_advisory_20141217_001_en.pdf"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-14-352-02",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-352-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2014-9193",
"datePublished": "2014-12-20T00:00:00",
"dateReserved": "2014-12-02T00:00:00",
"dateUpdated": "2025-07-28T20:35:16.302Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-2356 (GCVE-0-2014-2356)
Vulnerability from cvelistv5
Published
2014-07-30 14:00
Modified
2024-08-06 10:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Innominate mGuard before 7.6.4 and 8.x before 8.0.3 does not require authentication for snapshot downloads, which allows remote attackers to obtain sensitive information via a crafted HTTPS request.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:14:25.451Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-189-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-07-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Innominate mGuard before 7.6.4 and 8.x before 8.0.3 does not require authentication for snapshot downloads, which allows remote attackers to obtain sensitive information via a crafted HTTPS request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-07-30T14:57:00",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-189-02"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2014-2356",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Innominate mGuard before 7.6.4 and 8.x before 8.0.3 does not require authentication for snapshot downloads, which allows remote attackers to obtain sensitive information via a crafted HTTPS request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-189-02",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-189-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2014-2356",
"datePublished": "2014-07-30T14:00:00",
"dateReserved": "2014-03-13T00:00:00",
"dateUpdated": "2024-08-06T10:14:25.451Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-3966 (GCVE-0-2015-3966)
Vulnerability from cvelistv5
Published
2015-08-30 14:00
Modified
2024-08-06 06:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The IPsec SA establishment process on Innominate mGuard devices with firmware 8.x before 8.1.7 allows remote authenticated users to cause a denial of service (VPN service restart) by leveraging a peer relationship to send a crafted configuration with compression.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:04:02.947Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.innominate.com/data/downloads/software/innominate_security_advisory_20150714_001_en.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-239-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-08-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The IPsec SA establishment process on Innominate mGuard devices with firmware 8.x before 8.1.7 allows remote authenticated users to cause a denial of service (VPN service restart) by leveraging a peer relationship to send a crafted configuration with compression."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-08-30T14:57:03",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.innominate.com/data/downloads/software/innominate_security_advisory_20150714_001_en.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-239-03"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2015-3966",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The IPsec SA establishment process on Innominate mGuard devices with firmware 8.x before 8.1.7 allows remote authenticated users to cause a denial of service (VPN service restart) by leveraging a peer relationship to send a crafted configuration with compression."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.innominate.com/data/downloads/software/innominate_security_advisory_20150714_001_en.pdf",
"refsource": "CONFIRM",
"url": "http://www.innominate.com/data/downloads/software/innominate_security_advisory_20150714_001_en.pdf"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-239-03",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-239-03"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2015-3966",
"datePublished": "2015-08-30T14:00:00",
"dateReserved": "2015-05-12T00:00:00",
"dateUpdated": "2024-08-06T06:04:02.947Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2012-06-19 18:55
Modified
2025-04-11 00:51
Severity ?
Summary
The Innominate mGuard Smart HW before HW-101130 and BD before BD-101030, mGuard industrial RS, mGuard delta HW before HW-103060 and BD before BD-211010, mGuard PCI, mGuard blade, and EAGLE mGuard appliances with software before 7.5.0 do not use a sufficient source of entropy for private keys, which makes it easier for man-in-the-middle attackers to spoof (1) HTTPS or (2) SSH servers by predicting a key value.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| ics-cert@hq.dhs.gov | http://www.innominate.com/data/downloads/software/innominate_security_advisory_20120614_001.pdf | Vendor Advisory | |
| ics-cert@hq.dhs.gov | http://www.us-cert.gov/control_systems/pdf/ICSA-12-167-01.pdf | Broken Link, Third Party Advisory, US Government Resource | |
| ics-cert@hq.dhs.gov | https://freedom-to-tinker.com/blog/nadiah/new-research-theres-no-need-panic-over-factorable-keys-just-mind-your-ps-and-qs | Not Applicable | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.innominate.com/data/downloads/software/innominate_security_advisory_20120614_001.pdf | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/control_systems/pdf/ICSA-12-167-01.pdf | Broken Link, Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://freedom-to-tinker.com/blog/nadiah/new-research-theres-no-need-panic-over-factorable-keys-just-mind-your-ps-and-qs | Not Applicable |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| innominate | mguard_firmware | * | |
| innominate | eagle_mguard_bd-301010 | - | |
| innominate | eagle_mguard_hw-201000 | - | |
| innominate | mguard_blade_hw-104020 | - | |
| innominate | mguard_blade_hw-104050 | - | |
| innominate | mguard_delta_bd-201000 | - | |
| innominate | mguard_delta_hw-103050 | - | |
| innominate | mguard_industrial_rs_bd-501000 | - | |
| innominate | mguard_industrial_rs_bd-501010 | - | |
| innominate | mguard_industrial_rs_bd-501020 | - | |
| innominate | mguard_industrial_rs_hw-105000 | - | |
| innominate | mguard_pci_bd-111010 | - | |
| innominate | mguard_pci_bd-111020 | - | |
| innominate | mguard_pci_hw-102020 | - | |
| innominate | mguard_pci_hw-102050 | - | |
| innominate | mguard_smart_bd-101010 | - | |
| innominate | mguard_smart_bd-101020 | - | |
| innominate | mguard_smart_hw-101020 | - | |
| innominate | mguard_smart_hw-101050 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:innominate:mguard_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C1137F55-09EF-4F7C-8EFF-923B6C8CBA75",
"versionEndExcluding": "7.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:innominate:eagle_mguard_bd-301010:-:*:*:*:*:*:*:*",
"matchCriteriaId": "39221D0D-E26E-4477-9CC7-C7DD8E3991FF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:innominate:eagle_mguard_hw-201000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7B31DD61-EB19-449E-9800-3FE35ABCB923",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:innominate:mguard_blade_hw-104020:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E79CDFEB-98E1-42E1-8F71-D15B6F439135",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:innominate:mguard_blade_hw-104050:-:*:*:*:*:*:*:*",
"matchCriteriaId": "275E8504-9771-4CAA-859C-AE1CF83C0AAC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:innominate:mguard_delta_bd-201000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DBC67D72-51CF-4B76-A439-0135B0494412",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:innominate:mguard_delta_hw-103050:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2EC89F6F-A767-4C38-A2E3-8927E8B43A40",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:innominate:mguard_industrial_rs_bd-501000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7D78EF2-A75A-4F47-8907-CDF4091F6E1B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:innominate:mguard_industrial_rs_bd-501010:-:*:*:*:*:*:*:*",
"matchCriteriaId": "86C7033A-ECFA-4487-AF65-E0B787312F43",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:innominate:mguard_industrial_rs_bd-501020:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E2DD96F8-6BF2-44B8-B458-22B34A2C7C49",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:innominate:mguard_industrial_rs_hw-105000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7DCD2CCC-FA85-42AA-931A-23DE15319BD0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:innominate:mguard_pci_bd-111010:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1B19092E-9542-45D2-8323-FCB2F08A7CDD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:innominate:mguard_pci_bd-111020:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C66EA5A6-B1E4-45F1-B60F-73C6D7CC2011",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:innominate:mguard_pci_hw-102020:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ED522AD4-21E5-44C7-BE73-92318D84A59F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:innominate:mguard_pci_hw-102050:-:*:*:*:*:*:*:*",
"matchCriteriaId": "366A012C-905C-4523-AE75-2864C329693C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:innominate:mguard_smart_bd-101010:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B23C8DDF-74C1-41EC-961F-C8D2759087C4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:innominate:mguard_smart_bd-101020:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AC7B1E51-6FBB-4EA4-9170-D862648D112D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:innominate:mguard_smart_hw-101020:-:*:*:*:*:*:*:*",
"matchCriteriaId": "94736549-BC05-4336-A800-4E11628BDFDB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:innominate:mguard_smart_hw-101050:-:*:*:*:*:*:*:*",
"matchCriteriaId": "99114202-2EC3-4DDB-9ABF-F36A841CCF39",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Innominate mGuard Smart HW before HW-101130 and BD before BD-101030, mGuard industrial RS, mGuard delta HW before HW-103060 and BD before BD-211010, mGuard PCI, mGuard blade, and EAGLE mGuard appliances with software before 7.5.0 do not use a sufficient source of entropy for private keys, which makes it easier for man-in-the-middle attackers to spoof (1) HTTPS or (2) SSH servers by predicting a key value."
},
{
"lang": "es",
"value": "The Innominate mGuard Smart HW antes de HW-101130 y BD antes de BD-101030, mGuard industrial RS, mGuard delta HW antes de HW-103060 y BD antes de BD-211010, mGuard PCI, mGuard blade, y EAGLE mGuard con sistema anterior a v7.5.0, no utiliza una fuente suficiente de la entrop\u00eda de las claves privadas, lo que hace que sea m\u00e1s f\u00e1cil para los atacantes de MITM (man-in-the-middle) falsificar (1) HTTPS o (2) servidores SSH mediante la predicci\u00f3n de un valor clave."
}
],
"id": "CVE-2012-3006",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:H/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-06-19T18:55:01.113",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Vendor Advisory"
],
"url": "http://www.innominate.com/data/downloads/software/innominate_security_advisory_20120614_001.pdf"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Broken Link",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-167-01.pdf"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Not Applicable"
],
"url": "https://freedom-to-tinker.com/blog/nadiah/new-research-theres-no-need-panic-over-factorable-keys-just-mind-your-ps-and-qs"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.innominate.com/data/downloads/software/innominate_security_advisory_20120614_001.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-167-01.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable"
],
"url": "https://freedom-to-tinker.com/blog/nadiah/new-research-theres-no-need-panic-over-factorable-keys-just-mind-your-ps-and-qs"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-310"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-08-30 14:59
Modified
2025-04-12 10:46
Severity ?
Summary
The IPsec SA establishment process on Innominate mGuard devices with firmware 8.x before 8.1.7 allows remote authenticated users to cause a denial of service (VPN service restart) by leveraging a peer relationship to send a crafted configuration with compression.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| ics-cert@hq.dhs.gov | http://www.innominate.com/data/downloads/software/innominate_security_advisory_20150714_001_en.pdf | Vendor Advisory | |
| ics-cert@hq.dhs.gov | https://ics-cert.us-cert.gov/advisories/ICSA-15-239-03 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.innominate.com/data/downloads/software/innominate_security_advisory_20150714_001_en.pdf | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://ics-cert.us-cert.gov/advisories/ICSA-15-239-03 | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| innominate | mguard_firmware | 8.0.0 | |
| innominate | mguard_firmware | 8.0.1 | |
| innominate | mguard_firmware | 8.0.2 | |
| innominate | mguard_firmware | 8.0.3 | |
| innominate | mguard_firmware | 8.1.1 | |
| innominate | mguard_firmware | 8.1.2 | |
| innominate | mguard_firmware | 8.1.3 | |
| innominate | mguard_firmware | 8.1.4 | |
| innominate | mguard_firmware | 8.1.5 | |
| innominate | mguard_firmware | 8.1.6 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:innominate:mguard_firmware:8.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4A14A9C8-D4E3-45F4-B1F8-F9D93F48506A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:innominate:mguard_firmware:8.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5055C2CB-9D8A-4490-90EC-C32C019E756F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:innominate:mguard_firmware:8.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1080DE53-1831-4BD4-9084-5ADB6886526C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:innominate:mguard_firmware:8.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "81F1A071-7FA9-4317-A4E1-D05150587F51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:innominate:mguard_firmware:8.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F59B18C5-4164-454E-907D-7B5D0DAC0675",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:innominate:mguard_firmware:8.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C0B52E63-9C7E-41F9-B268-3EF905F89C27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:innominate:mguard_firmware:8.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F42DC442-074D-4223-9FD2-2B010E004255",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:innominate:mguard_firmware:8.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8C62E89D-2412-4E9D-952F-4BF160BFA06E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:innominate:mguard_firmware:8.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "5A3BFE4F-B47C-45DA-A4A2-B1BC228107B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:innominate:mguard_firmware:8.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "6C0C3C6A-BCC2-46F8-A285-504662590B8E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The IPsec SA establishment process on Innominate mGuard devices with firmware 8.x before 8.1.7 allows remote authenticated users to cause a denial of service (VPN service restart) by leveraging a peer relationship to send a crafted configuration with compression."
},
{
"lang": "es",
"value": "Vulnerabilidad en el proceso de establecimiento IPsec SA en dispositivos Innominate mGuard con firmware 8.x en versiones anteriores a 8.1.7, permite a usuarios remotos autenticados causar una denegaci\u00f3n de servicio (reinicio del servicio VPN) mediante el aprovechamiento de una relaci\u00f3n de pares para enviar una configuraci\u00f3n manipulada con compresi\u00f3n."
}
],
"id": "CVE-2015-3966",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-08-30T14:59:00.110",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Vendor Advisory"
],
"url": "http://www.innominate.com/data/downloads/software/innominate_security_advisory_20150714_001_en.pdf"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-239-03"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.innominate.com/data/downloads/software/innominate_security_advisory_20150714_001_en.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-239-03"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-12-20 00:59
Modified
2025-07-28 21:15
Severity ?
Summary
Innominate mGuard with firmware before 7.6.6 and 8.x before 8.1.4 allows remote authenticated admins to obtain root privileges by changing a PPP configuration setting.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| ics-cert@hq.dhs.gov | http://www.innominate.com/data/downloads/software/innominate_security_advisory_20141217_001_en.pdf | Vendor Advisory | |
| ics-cert@hq.dhs.gov | https://www.cisa.gov/news-events/ics-advisories/icsa-14-352-02 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.innominate.com/data/downloads/software/innominate_security_advisory_20141217_001_en.pdf | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://ics-cert.us-cert.gov/advisories/ICSA-14-352-02 | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| innominate | mguard_firmware | * | |
| innominate | mguard_firmware | 8.0.0 | |
| innominate | mguard_firmware | 8.0.1 | |
| innominate | mguard_firmware | 8.0.2 | |
| innominate | mguard_firmware | 8.0.3 | |
| innominate | mguard_firmware | 8.1.1 | |
| innominate | mguard_firmware | 8.1.2 | |
| innominate | mguard_firmware | 8.1.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:innominate:mguard_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8AEF887D-FBFD-4EC4-BAF4-9BE80EDEAF6D",
"versionEndIncluding": "7.6.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:innominate:mguard_firmware:8.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4A14A9C8-D4E3-45F4-B1F8-F9D93F48506A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:innominate:mguard_firmware:8.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5055C2CB-9D8A-4490-90EC-C32C019E756F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:innominate:mguard_firmware:8.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1080DE53-1831-4BD4-9084-5ADB6886526C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:innominate:mguard_firmware:8.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "81F1A071-7FA9-4317-A4E1-D05150587F51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:innominate:mguard_firmware:8.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F59B18C5-4164-454E-907D-7B5D0DAC0675",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:innominate:mguard_firmware:8.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C0B52E63-9C7E-41F9-B268-3EF905F89C27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:innominate:mguard_firmware:8.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F42DC442-074D-4223-9FD2-2B010E004255",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Innominate mGuard with firmware before 7.6.6 and 8.x before 8.1.4 allows remote authenticated admins to obtain root privileges by changing a PPP configuration setting."
},
{
"lang": "es",
"value": "Innominate mGuard con firmware anterior a 7.6.6 y 8.x anterior a 8.1.4 permite a administradores remotos autenticados obtener privilegios de root al cambiar a una configuraci\u00f3n PPP."
}
],
"id": "CVE-2014-9193",
"lastModified": "2025-07-28T21:15:24.513",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 8.5,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"userInteractionRequired": false
},
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-12-20T00:59:03.633",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Vendor Advisory"
],
"url": "http://www.innominate.com/data/downloads/software/innominate_security_advisory_20141217_001_en.pdf"
},
{
"source": "ics-cert@hq.dhs.gov",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-352-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.innominate.com/data/downloads/software/innominate_security_advisory_20141217_001_en.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-352-02"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-07-30 14:55
Modified
2025-04-12 10:46
Severity ?
Summary
Innominate mGuard before 7.6.4 and 8.x before 8.0.3 does not require authentication for snapshot downloads, which allows remote attackers to obtain sensitive information via a crafted HTTPS request.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| ics-cert@hq.dhs.gov | http://ics-cert.us-cert.gov/advisories/ICSA-14-189-02 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://ics-cert.us-cert.gov/advisories/ICSA-14-189-02 | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| innominate | mguard_firmware | * | |
| innominate | mguard_firmware | 4.0.4 | |
| innominate | mguard_firmware | 4.1.1 | |
| innominate | mguard_firmware | 4.2.3 | |
| innominate | mguard_firmware | 5.0.1 | |
| innominate | mguard_firmware | 5.1.6 | |
| innominate | mguard_firmware | 6.0.2 | |
| innominate | mguard_firmware | 6.1.5 | |
| innominate | mguard_firmware | 7.0.2 | |
| innominate | mguard_firmware | 7.1.1 | |
| innominate | mguard_firmware | 7.2.1 | |
| innominate | mguard_firmware | 7.3.1 | |
| innominate | mguard_firmware | 7.4.1 | |
| innominate | mguard_firmware | 8.0.0 | |
| innominate | mguard_firmware | 8.0.1 | |
| innominate | mguard_firmware | 8.0.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:innominate:mguard_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6194A58A-3409-4E4E-BF26-DB2D15BFE391",
"versionEndIncluding": "7.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:innominate:mguard_firmware:4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E41381DB-C17E-4F94-A9B5-57CE84982677",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:innominate:mguard_firmware:4.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0EBA9D22-2A39-4A81-B3C4-21DADCC539A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:innominate:mguard_firmware:4.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AEA39812-F53E-4441-B95A-EBA2A14A6771",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:innominate:mguard_firmware:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EAF5C33A-561F-461F-9A9B-85F51ECED610",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:innominate:mguard_firmware:5.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E495E3A8-01F2-4D8F-95AB-6BCB1B5A1E0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:innominate:mguard_firmware:6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2A23B6E3-D4DE-46CF-9DDB-31E14D898A89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:innominate:mguard_firmware:6.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "BE9C75D9-00A7-42AA-9BCF-FFE4D754F2AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:innominate:mguard_firmware:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B6D6BF50-9082-422E-B85C-6343C6CFAF07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:innominate:mguard_firmware:7.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "38C28F6A-D59A-47BC-A7B9-A76EBB88AA95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:innominate:mguard_firmware:7.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6519EE01-0C68-4AC1-8387-4893FF661B98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:innominate:mguard_firmware:7.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7AC25566-0891-4CE3-8724-1DC27A7ADF09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:innominate:mguard_firmware:7.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6D4893FA-A9E7-4F38-A031-5EABC696C2ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:innominate:mguard_firmware:8.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4A14A9C8-D4E3-45F4-B1F8-F9D93F48506A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:innominate:mguard_firmware:8.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5055C2CB-9D8A-4490-90EC-C32C019E756F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:innominate:mguard_firmware:8.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1080DE53-1831-4BD4-9084-5ADB6886526C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Innominate mGuard before 7.6.4 and 8.x before 8.0.3 does not require authentication for snapshot downloads, which allows remote attackers to obtain sensitive information via a crafted HTTPS request."
},
{
"lang": "es",
"value": "Innominate mGuard anterior a 7.6.4 y 8.x anterior a 8.0.3 no requiere la autenticaci\u00f3n para descargas de instant\u00e1neas, lo que permite a atacantes remotos obtener informaci\u00f3n sensible a trav\u00e9s de una solicitud HTTPS manipulada."
}
],
"id": "CVE-2014-2356",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-07-30T14:55:06.680",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-189-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-189-02"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}