Lucene search

[email protected]CVE-2010-0225

HistoryJan 07, 2010 - 7:30 p.m.

CVE-2010-0225

2010-01-0719:30:00

CWE-312

[email protected]

web.nvd.nist.gov

sandisk

cruzer

enterprise

usb

flash drives

security

vulnerability

cve-2010-0225

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

6.6 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

26.9%

JSON

SanDisk Cruzer Enterprise USB flash drives use a fixed 256-bit key for obtaining access to the cleartext drive contents, which makes it easier for physically proximate attackers to read or modify data by determining and providing this key.

Affected configurations

NVD

Node

sandiskcruzer_enterprise_firmwareMatch-

AND

sandiskcruzer_enterpriseMatch-

CPENameOperatorVersion
sandisk:cruzer_enterprise_firmwaresandisk cruzer enterprise firmwareeq-

CPE	Name	Operator	Version
sandisk:cruzer_enterprise_firmware	sandisk cruzer enterprise firmware	eq	-

References

blogs.zdnet.com/hardware/?p=6655

it.slashdot.org/story/10/01/05/1734242/

www.h-online.com/security/news/item/NIST-certified-USB-Flash-drives-with-hardware-encryption-cracked-895308.html

www.sandisk.com/business-solutions/enterprise/technical-support/security-bulletin-december-2009

www.securityfocus.com/bid/37677

www.syss.de/fileadmin/ressources/040_veroeffentlichungen/dokumente/SySS_knackt_SanDisk_USB-Stick.pdf

www.syss.de/index.php?id=108&tx_ttnews%5Btt_news%5D=528&cHash=8d16fa63d9

www.vupen.com/english/advisories/2010/0078

www.ironkey.com/usb-flash-drive-flaw-exposed

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

6.6 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

26.9%

JSON

Related for CVE-2010-0225

nvd1 prion1 cvelist1