| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 5.2 | $0-$5k | 0.00 |
A vulnerability, which was classified as problematic, has been found in SanDisk Cruzer Enterprise USB (version unknown). Affected by this issue is an unknown function. The manipulation with an unknown input leads to a credentials management vulnerability. Using CWE to declare the problem leads to CWE-255. Impacted is confidentiality, integrity, and availability. CVE summarizes:
SanDisk Cruzer Enterprise USB flash drives validate passwords with a program running on the host computer rather than the device hardware, which allows physically proximate attackers to access the cleartext drive contents via a modified program.
The weakness was shared 01/07/2010 by Matthias Deeg (Basti) with SYSS (Website). The advisory is shared for download at ironkey.com. This vulnerability is handled as CVE-2010-0224 since 01/07/2010. The exploitation is known to be easy. The attack needs to be approached locally. No form of authentication is required for exploitation. There are neither technical details nor an exploit publicly available. The MITRE ATT&CK project declares the attack technique as T1552.
It is declared as proof-of-concept.
Applying a patch is able to eliminate this problem.
The vulnerability is also documented in the vulnerability database at X-Force (55475). The entries 51469, 51468, 51467 and 51466 are related to this item.
Product
Vendor
Name
CPE 2.3
CPE 2.2
CVSSv4
VulDB CVSS-B Score: 🔍VulDB CVSS-BT Score: 🔍
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 5.9VulDB Meta Temp Score: 5.2
VulDB Base Score: 5.9
VulDB Temp Score: 5.2
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| unlock | unlock | unlock | unlock | unlock | unlock |
| unlock | unlock | unlock | unlock | unlock | unlock |
| unlock | unlock | unlock | unlock | unlock | unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Credentials managementCWE: CWE-255
ATT&CK: T1552
Local: Yes
Remote: No
Availability: 🔍
Status: Proof-of-Concept
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | unlock | unlock | unlock | unlock |
|---|---|---|---|---|
| Today | unlock | unlock | unlock | unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: PatchStatus: 🔍
0-Day Time: 🔍
Timeline
01/07/2010 🔍01/07/2010 🔍
01/07/2010 🔍
01/07/2010 🔍
01/08/2010 🔍
01/11/2010 🔍
03/18/2015 🔍
12/22/2017 🔍
Sources
Advisory: ironkey.comResearcher: Matthias Deeg (Basti)
Organization: SYSS
Status: Confirmed
CVE: CVE-2010-0224 (🔍)
X-Force: 55475 - SanDisk access control security bypass
SecurityTracker: 1023408
SecurityFocus: 37677 - SanDisk Cruzer Enterprise USB Flash Drives Access Control Security Bypass Vulnerability
Secunia: 37927 - SanDisk Cruzer Enterprise USB Flash Drives "ExmpSrv.exe" Vulnerability, Less Critical
Vupen: ADV-2010-0078
See also: 🔍
Entry
Created: 03/18/2015 15:15Updated: 12/22/2017 08:47
Changes: 03/18/2015 15:15 (56), 12/22/2017 08:47 (9)
Complete: 🔍
No comments yet. Languages: en.
Please log in to comment.