Vulnerability Name:

CVE-2015-6851 (CCN-109120)

Assigned: 2015-12-21
Published: 2015-12-21
Updated: 2016-12-07
Summary: EMC RSA SecurID Web Agent before 8.0 allows physically proximate attackers to bypass the privacy-screen protection mechanism by leveraging an unattended workstation and running DOM Inspector.
CVSS v3 Severity: 6.7 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)
5.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Local
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): High
Integrity (I): High
Availability (A): None
7.7 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N)
6.7 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): High
Integrity (I): High
Availability (A): None
CVSS v2 Severity: 7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics: Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
6.6 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:N)
Exploitability Metrics: Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): None
Vulnerability Type: CWE-284
Vulnerability Consequences: Bypass Security
References: Source: MITRE
Type: CNA
CVE-2015-6851

Source: MISC
Type: UNKNOWN
http://packetstormsecurity.com/files/135013/RSA-SecurID-Web-Agent-Authentication-Bypass.html

Source: BUGTRAQ
Type: UNKNOWN
20151221 ESA-2015-177: RSA SecurID Web Agent Authentication Bypass Vulnerability

Source: CCN
Type: EMC Security Advisory ESA-2015-177
RSA SecurID Web Agent Re-Authentication Bug Lets Local Users Bypass Authentication

Source: BID
Type: UNKNOWN
79646

Source: CCN
Type: BID-79646
RSA SecurID Web Agent CVE-2015-6851 Local Authentication Bypass Vulnerability

Source: SECTRACK
Type: UNKNOWN
1034510

Source: XF
Type: UNKNOWN
rsa-securid-cve20156851-sec-bypass(109120)

Vulnerable Configuration: Configuration 1:
  • cpe:/a:rsa:securid_web_agent:*:*:*:*:*:*:*:* (Version <= 7.2.1)

  • * Denotes that component is vulnerable
    rsa securid web agent *