CVE-2015-6851
medium
CVSS v3
6.7
CVSS v2
7.2
VIR risk
6.7
Description
EMC RSA SecurID Web Agent before 8.0 allows physically proximate attackers to bypass the privacy-screen protection mechanism by leveraging an unattended workstation and running DOM Inspector.
Predictions
Exploit likelihood
66%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| rsa | securid_web_agent | {"endIncluding":"7.2.1"} | |
References
- http://packetstormsecurity.com/files/135013/RSA-SecurID-Web-Agent-Authentication-Bypass.html
- http://seclists.org/bugtraq/2015/Dec/115
- http://www.securityfocus.com/bid/79646
- http://www.securitytracker.com/id/1034510
- http://packetstormsecurity.com/files/135013/RSA-SecurID-Web-Agent-Authentication-Bypass.html
- http://seclists.org/bugtraq/2015/Dec/115
- http://www.securityfocus.com/bid/79646
- http://www.securitytracker.com/id/1034510
CWEs
CWE-284
Verify integrity in audit chain (admin only). AS-IS.