Lucene search

MitreCVE-2010-0226

HistoryJan 07, 2010 - 7:30 p.m.

CVE-2010-0226

2010-01-0719:30:00

CWE-255

mitre

web.nvd.nist.gov

sandisk

cruzer

enterprise

usb

flash drives

vulnerability

password replay attacks

cve-2010-0226

nvd

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

AI Score

6.8

Confidence

Low

EPSS

0.002

Percentile

56.7%

JSON

SanDisk Cruzer Enterprise USB flash drives do not prevent password replay attacks, which allows physically proximate attackers to access the cleartext drive contents by providing a key that was captured in a USB data stream at an earlier time.

Affected configurations

Nvd

Node

sandiskcruzer_enterprise_usb

VendorProductVersionCPE
sandiskcruzer_enterprise_usb*cpe:2.3:h:sandisk:cruzer_enterprise_usb:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
sandisk	cruzer_enterprise_usb	*	cpe:2.3:h:sandisk:cruzer_enterprise_usb::::::::

References

www.sandisk.com/business-solutions/enterprise/technical-support/security-bulletin-december-2009

www.securityfocus.com/bid/37677

www.syss.de/fileadmin/ressources/040_veroeffentlichungen/dokumente/SySS_knackt_SanDisk_USB-Stick.pdf

www.syss.de/index.php?id=108&tx_ttnews%5Btt_news%5D=528&cHash=8d16fa63d9

www.vupen.com/english/advisories/2010/0078

www.ironkey.com/usb-flash-drive-flaw-exposed

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

AI Score

6.8

Confidence

Low

EPSS

0.002

Percentile

56.7%

JSON

Related for CVE-2010-0226