CVE-2012-3018
First published: Tue Jul 31 2012(Updated: )
The lockout-recovery feature in the Security Configurator component in ICONICS GENESIS32 9.22 and earlier and BizViz 9.22 and earlier uses an improper encryption algorithm for generation of an authentication code, which allows local users to bypass intended access restrictions and obtain administrative access by predicting a challenge response.
Credit: ics-cert@hq.dhs.gov
| Affected Software | Affected Version | How to fix |
|---|---|---|
| ICONICS GENESIS32 | <=9.22 | |
| ICONICS GENESIS32 | =8.05 | |
| ICONICS GENESIS32 | =9.0 | |
| ICONICS GENESIS32 | =9.1 | |
| ICONICS GENESIS32 | =9.01 | |
| ICONICS GENESIS32 | =9.2 | |
| ICONICS GENESIS32 | =9.13 | |
| ICONICS GENESIS32 | =9.20 | |
| ICONICS GENESIS32 | =9.21 | |
| ICONICS BizViz | <=9.22 | |
| ICONICS BizViz | =8.05 | |
| ICONICS BizViz | =9.0 | |
| ICONICS BizViz | =9.01 | |
| ICONICS BizViz | =9.1 | |
| ICONICS BizViz | =9.2 | |
| ICONICS BizViz | =9.13 | |
| ICONICS BizViz | =9.20 | |
| ICONICS BizViz | =9.21 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2012-3018?
CVE-2012-3018 is considered to have a high severity due to its potential to allow unauthorized access to sensitive administrative functions.
How do I fix CVE-2012-3018?
To mitigate CVE-2012-3018, upgrade to the latest version of ICONICS GENESIS32 or BizViz that addresses this vulnerability.
What software is affected by CVE-2012-3018?
CVE-2012-3018 affects ICONICS GENESIS32 versions 9.22 and earlier, and BizViz versions 9.22 and earlier.
What type of vulnerability is CVE-2012-3018?
CVE-2012-3018 is an access control vulnerability caused by improper encryption algorithms in the authentication code generation.
Can local users exploit CVE-2012-3018?
Yes, local users can exploit CVE-2012-3018 to bypass access restrictions and gain administrative access.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/weakness
- agent/author
- agent/references
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/iconics
- canonical/iconics genesis32
- version/iconics genesis32/9.22
- version/iconics genesis32/8.05
- version/iconics genesis32/9.0
- version/iconics genesis32/9.1
- version/iconics genesis32/9.01
- version/iconics genesis32/9.2
- version/iconics genesis32/9.13
- version/iconics genesis32/9.20
- version/iconics genesis32/9.21
- canonical/iconics bizviz
- version/iconics bizviz/9.22
- version/iconics bizviz/8.05
- version/iconics bizviz/9.0
- version/iconics bizviz/9.01
- version/iconics bizviz/9.1
- version/iconics bizviz/9.2
- version/iconics bizviz/9.13
- version/iconics bizviz/9.20
- version/iconics bizviz/9.21