MidnightBSD

Advisories for innominate

CVE-2012-3006 HIGH

The Innominate mGuard Smart HW before HW-101130 and BD before BD-101030, mGuard industrial RS, mGuard delta HW before HW-103060 and BD before BD-211010, mGuard PCI, mGuard blade, and EAGLE mGuard appliances with software before 7.5.0 do not use a sufficient source of entropy for private keys, which makes it easier for man-in-the-middle attackers to spoof (1) HTTPS or (2) SSH servers by predicting a key value.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-310,

Products Affected

Vendor Product Version
innominate mguard_firmware *
CVE-2014-2356 MEDIUM

Innominate mGuard before 7.6.4 and 8.x before 8.0.3 does not require authentication for snapshot downloads, which allows remote attackers to obtain sensitive information via a crafted HTTPS request.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,CWE-200,

Products Affected

Vendor Product Version
innominate mguard_firmware 8.0.2
innominate mguard_firmware 7.0.2
innominate mguard_firmware 7.3.1
innominate mguard_firmware 4.2.3
innominate mguard_firmware 5.0.1
innominate mguard_firmware 6.0.2
innominate mguard_firmware 5.1.6
innominate mguard_firmware 4.0.4
innominate mguard_firmware 4.1.1
innominate mguard_firmware 7.2.1
innominate mguard_firmware 7.4.1
innominate mguard_firmware 8.0.0
innominate mguard_firmware 8.0.1
innominate mguard_firmware *
innominate mguard_firmware 6.1.5
innominate mguard_firmware 7.1.1
CVE-2014-9193 HIGH

Innominate mGuard with firmware before 7.6.6 and 8.x before 8.1.4 allows remote authenticated admins to obtain root privileges by changing a PPP configuration setting.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-269,CWE-264,

Products Affected

Vendor Product Version
innominate mguard_firmware 8.0.2
innominate mguard_firmware 8.0.0
innominate mguard_firmware 8.1.3
innominate mguard_firmware 8.0.1
innominate mguard_firmware *
innominate mguard_firmware 8.1.1
innominate mguard_firmware 8.1.2
innominate mguard_firmware 8.0.3
CVE-2015-3966 MEDIUM

The IPsec SA establishment process on Innominate mGuard devices with firmware 8.x before 8.1.7 allows remote authenticated users to cause a denial of service (VPN service restart) by leveraging a peer relationship to send a crafted configuration with compression.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
innominate mguard_firmware 8.0.2
innominate mguard_firmware 8.0.0
innominate mguard_firmware 8.1.4
innominate mguard_firmware 8.1.3
innominate mguard_firmware 8.0.1
innominate mguard_firmware 8.1.1
innominate mguard_firmware 8.1.2
innominate mguard_firmware 8.0.3
innominate mguard_firmware 8.1.6
innominate mguard_firmware 8.1.5