CVE-2012-2993

Microsoft Windows Phone 7 does not verify the domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL server for the (1) POP3, (2) IMAP, or (3) SMTP protocol via an arbitrary valid certificate.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.9 MEDIUM
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
certccCNA
---
---
CVEADP
---
---
CISA-ADPADP
5.9 MEDIUM
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 90%
VendorProductVersion
microsoftwindows_phone_7_firmware
-
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://osvdb.org/85619
http://www.kb.cert.org/vuls/id/389795
http://www.securityfocus.com/bid/55569
http://www.securitytracker.com/id?1027541
https://exchange.xforce.ibmcloud.com/vulnerabilities/78620
http://osvdb.org/85619
http://www.kb.cert.org/vuls/id/389795
http://www.securityfocus.com/bid/55569
http://www.securitytracker.com/id?1027541
https://exchange.xforce.ibmcloud.com/vulnerabilities/78620