Lucene search

MitreCVE-2010-1907

HistoryMay 12, 2010 - 11:46 a.m.

CVE-2010-1907

2010-05-1211:46:31

CWE-200

mitre

web.nvd.nist.gov

cve-2010-1907

sdcuser

tgconctl

activex control

tgctlcm.dll

consona live assistance

dynamic agent

subscriber assistance

username disclosure

pathname disclosure

getusername method

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

AI Score

6.8

Confidence

Low

EPSS

0.007

Percentile

79.8%

JSON

The SdcUser.TgConCtl ActiveX control in tgctlcm.dll in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance allows remote attackers to discover the username of the client user, and consequently determine a pathname to a certain user directory, via a call to the GetUserName method.

Affected configurations

Nvd

Node

consonaconsona_dynamic_agentMatch--enterprise

consonaconsona_dynamic_agentMatch--marketing

consonaconsona_dynamic_agentMatch--support

consonaconsona_live_assistance

consonaconsona_subscriber_assistance

VendorProductVersionCPE
consonaconsona_dynamic_agent-cpe:2.3:a:consona:consona_dynamic_agent:-:-:enterprise:*:*:*:*:*
consonaconsona_dynamic_agent-cpe:2.3:a:consona:consona_dynamic_agent:-:-:marketing:*:*:*:*:*
consonaconsona_dynamic_agent-cpe:2.3:a:consona:consona_dynamic_agent:-:-:support:*:*:*:*:*
consonaconsona_live_assistance*cpe:2.3:a:consona:consona_live_assistance:*:*:*:*:*:*:*:*
consonaconsona_subscriber_assistance*cpe:2.3:a:consona:consona_subscriber_assistance:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
consona	consona_dynamic_agent	-	cpe:2.3:a:consona:consona_dynamic_agent:-:-:enterprise:::::*
consona	consona_dynamic_agent	-	cpe:2.3:a:consona:consona_dynamic_agent:-:-:marketing:::::*
consona	consona_dynamic_agent	-	cpe:2.3:a:consona:consona_dynamic_agent:-:-:support:::::*
consona	consona_live_assistance	*	cpe:2.3:a:consona:consona_live_assistance::::::::
consona	consona_subscriber_assistance	*	cpe:2.3:a:consona:consona_subscriber_assistance::::::::

References

wintercore.com/en/component/content/article/7-media/18-wintercore-releases-an-advisory-for-consona-products.html

www.kb.cert.org/vuls/id/602801

www.securityfocus.com/archive/1/511176/100/0/threaded

www.wintercore.com/downloads/rootedcon_0day.pdf

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

AI Score

6.8

Confidence

Low

EPSS

0.007

Percentile

79.8%

JSON

Related for CVE-2010-1907