CVE-2012-4687 - Vulnerability Details - OpenCVE

Post Oak AWAM Bluetooth Reader Traffic System does not use a sufficient source of entropy for private keys, which makes it easier for man-in-the-middle attackers to spoof a device by predicting a key value.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Postoaktraffic	Awam Bluetooth Reader

Configuration 1 [-]

cpe:2.3:h:postoaktraffic:awam_bluetooth_reader:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.postoaktraffic.com/contact.aspx
http://www.us-cert.gov/control_systems/pdf/ICSA-12-335-01.pdf
https://www.cisa.gov/news-events/ics-advisories/icsa-12-335-01

History

Wed, 09 Jul 2025 18:45:00 +0000

Type	Values Removed	Values Added
Title		Post Oak Bluetooth Traffic Systems Insufficient Entropy
Weaknesses		CWE-331
References		http://www.postoaktraffic.com/contact.aspx https://www.cisa.gov/news-events/ics-advisories/icsa-12-335-01

MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2012-12-08T15:00:00Z

Updated: 2025-07-09T18:27:31.737Z

Reserved: 2012-08-28T00:00:00Z

Link: CVE-2012-4687

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2012-12-08T15:55:00.960

Modified: 2025-07-09T19:15:22.840

Link: CVE-2012-4687

Redhat

No data.

{"containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "AWAM Bluetooth Reader Traffic System", "vendor": "Post Oak Traffic Systems", "versions": [{"status": "affected", "version": "All versions"}]}], "credits": [{"lang": "en", "type": "finder", "value": "research group composed of Nadia Heninger (University of California at San Diego), J. Alex Halderman, Zakir Durumeric, and Eric Wustrow (all from the University of Michigan)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Post Oak AWAM Bluetooth Reader Traffic System does not use a sufficient source of entropy for private keys, which makes it easier for man-in-the-middle attackers to spoof a device by predicting a key value.</p>"}], "value": "Post Oak AWAM Bluetooth Reader Traffic System does not use a sufficient source of entropy for private keys, which makes it easier for man-in-the-middle attackers to spoof a device by predicting a key value."}], "metrics": [{"cvssV2_0": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.6, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-331", "description": "CWE-331", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2025-07-09T18:27:31.737Z"}, "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-12-335-01"}, {"url": "http://www.postoaktraffic.com/contact.aspx"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Post Oak has developed a patch for the AWAM Bluetooth Reader Traffic \nSystem that mitigates the vulnerability. The patch allows the Bluetooth \nreader to ensure sufficient entropy exists before generating host and \nauthentication keys. The patch will be installed on all new devices when\n initially configured. Existing equipment will be patched by remote \naccess and upgraded to the latest firmware. System owners are encouraged\n to contact Post Oak Traffic Systems, \nsupport@postoaktraffic.com, (281) 381-2887. with questions patching their systems.\n\n<br>"}], "value": "Post Oak has developed a patch for the AWAM Bluetooth Reader Traffic \nSystem that mitigates the vulnerability. The patch allows the Bluetooth \nreader to ensure sufficient entropy exists before generating host and \nauthentication keys. The patch will be installed on all new devices when\n initially configured. Existing equipment will be patched by remote \naccess and upgraded to the latest firmware. System owners are encouraged\n to contact Post Oak Traffic Systems, \nsupport@postoaktraffic.com, (281) 381-2887. with questions patching their systems."}], "source": {"advisory": "ICSA-12-335-01", "discovery": "EXTERNAL"}, "title": "Post Oak Bluetooth Traffic Systems Insufficient Entropy", "x_generator": {"engine": "Vulnogram 0.2.0"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2012-4687", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Post Oak AWAM Bluetooth Reader Traffic System does not use a sufficient source of entropy for private keys, which makes it easier for man-in-the-middle attackers to spoof a device by predicting a key value."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-335-01.pdf", "refsource": "MISC", "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-335-01.pdf"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T20:42:54.990Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-335-01.pdf"}]}]}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2012-4687", "datePublished": "2012-12-08T15:00:00Z", "dateReserved": "2012-08-28T00:00:00Z", "dateUpdated": "2025-07-09T18:27:31.737Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:postoaktraffic:awam_bluetooth_reader:-:*:*:*:*:*:*:*", "matchCriteriaId": "AEE78368-846D-4B4D-A310-BE836742F0BB", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Post Oak AWAM Bluetooth Reader Traffic System does not use a sufficient source of entropy for private keys, which makes it easier for man-in-the-middle attackers to spoof a device by predicting a key value."}, {"lang": "es", "value": "Post Oak AWAM Bluetooth Reader Traffic System \r\nno utiliza la suficiente fuente de entrop\u00eda para claves privadas, haci\u00e9ndolo vulnerable a ataques man-in-the-middle con los que falsificar un dispositivo mediante la predicci\u00f3n de un valor clave."}], "id": "CVE-2012-4687", "lastModified": "2025-07-09T19:15:22.840", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.6, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "ics-cert@hq.dhs.gov", "type": "Secondary", "userInteractionRequired": false}, {"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.6, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2012-12-08T15:55:00.960", "references": [{"source": "ics-cert@hq.dhs.gov", "url": "http://www.postoaktraffic.com/contact.aspx"}, {"source": "ics-cert@hq.dhs.gov", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-12-335-01"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["US Government Resource"], "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-335-01.pdf"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-331"}], "source": "ics-cert@hq.dhs.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-310"}], "source": "nvd@nist.gov", "type": "Secondary"}]}