PT-2012-4420 · Cososys · Cososys Endpoint Protector

Christopher Campbell

Published

2012-09-18

Updated

2013-03-02

CVE-2012-2994

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions CoSoSys Endpoint Protector version 4

Description The issue allows remote attackers to gain access via a brute-force attack because the EPProot password is based entirely on the appliance serial number.

Recommendations For CoSoSys Endpoint Protector version 4, consider changing the EPProot password to a strong, unique value that does not rely on the appliance serial number to prevent brute-force attacks.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CVE-2012-2994

Affected Products

Cososys Endpoint Protector

PT-2012-4420 · Cososys · Cososys Endpoint Protector

CVE-2012-2994

Weakness Enumeration

Related Identifiers

Affected Products

References · 4