CVE-2012-4588 - OpenCVE

McAfee Enterprise Mobility Manager (EMM) Agent before 4.8 and Server before 10.1 record all invalid usernames presented in failed login attempts, and place them on a list of accounts that an administrator may wish to unlock, which allows remote attackers to cause a denial of service (excessive list size in the EMM Database) via a long sequence of login attempts with different usernames.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:M/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Mcafee	Enterprise Mobility Manager Agent Enterprise Mobility Manager

Configuration 1 [-]

OR	cpe:2.3:a:mcafee:enterprise_mobility_manager::::::::
	cpe:2.3:a:mcafee:enterprise_mobility_manager_agent::::::::

References

Link	Resource
https://kc.mcafee.com/corporate/index?page=content&id=SB10021	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2022-10-03T16:15:32

Updated: 2022-10-03T16:15:32

Reserved: 2022-10-03T00:00:00

Link: CVE-2012-4588

JSON object: View

NVD Information

Status : Analyzed

Published: 2012-08-22T10:42:05.037

Modified: 2012-08-22T10:42:05.037

Link: CVE-2012-4588

JSON object: View

Redhat Information

No data.

CWE

CWE-255

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "McAfee Enterprise Mobility Manager (EMM) Agent before 4.8 and Server before 10.1 record all invalid usernames presented in failed login attempts, and place them on a list of accounts that an administrator may wish to unlock, which allows remote attackers to cause a denial of service (excessive list size in the EMM Database) via a long sequence of login attempts with different usernames."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-10-03T16:15:32", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10021"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-4588", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "McAfee Enterprise Mobility Manager (EMM) Agent before 4.8 and Server before 10.1 record all invalid usernames presented in failed login attempts, and place them on a list of accounts that an administrator may wish to unlock, which allows remote attackers to cause a denial of service (excessive list size in the EMM Database) via a long sequence of login attempts with different usernames."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10021", "refsource": "CONFIRM", "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10021"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2012-4588", "datePublished": "2022-10-03T16:15:32", "dateReserved": "2022-10-03T00:00:00", "dateUpdated": "2022-10-03T16:15:32", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mcafee:enterprise_mobility_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "A6DCCAEA-C934-4945-86FB-9E4A11C62FF7", "versionEndIncluding": "4.7", "vulnerable": true}, {"criteria": "cpe:2.3:a:mcafee:enterprise_mobility_manager_agent:*:*:*:*:*:*:*:*", "matchCriteriaId": "2818ACB8-CD7A-46EB-AD25-F709EA1C779B", "versionEndIncluding": "10.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "McAfee Enterprise Mobility Manager (EMM) Agent before 4.8 and Server before 10.1 record all invalid usernames presented in failed login attempts, and place them on a list of accounts that an administrator may wish to unlock, which allows remote attackers to cause a denial of service (excessive list size in the EMM Database) via a long sequence of login attempts with different usernames."}, {"lang": "es", "value": "McAfee Enterprise Mobility Manager (EMM) Agent antes de v4.8 y EMM Server antes de v10.1 registra todos los nombres de usuario que han realizado algun intento de conexi\u00f3n fallido, y los coloca en una listado de cuentas por si un administrador pudiera estar interesado en desbloquearlas, lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (por un tama\u00f1o de la lista excesivo en la base de datos EMM) a trav\u00e9s de una serie de intentos de conexi\u00f3n fallidos con diferentes nombres de usuario.\r\n"}], "id": "CVE-2012-4588", "lastModified": "2012-08-22T10:42:05.037", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2012-08-22T10:42:05.037", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10021"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-255"}], "source": "nvd@nist.gov", "type": "Primary"}]}