CVE-2010-1910

2010-05-1211:46:31

CWE-287

[email protected]

web.nvd.nist.gov

cve-2010-1910

consona live assistance

dynamic agent

subscriber assistance

password reset

vulnerability

5.1 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

6.9 Medium

AI Score

Confidence

Low

0.017 Low

EPSS

Percentile

87.8%

JSON

The Forgot Password implementation in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance allows remote attackers to reset passwords of accounts with blank Hint questions and Hint answers by sending an empty value for each of these two Hint fields.

Affected configurations

NVD

Node

consonaconsona_dynamic_agentMatch--enterprise

consonaconsona_dynamic_agentMatch--marketing

consonaconsona_dynamic_agentMatch--support

consonaconsona_live_assistance

consonaconsona_subscriber_assistance

CPENameOperatorVersion
consona:consona_dynamic_agentconsona consona dynamic agenteq-
consona:consona_live_assistanceconsona consona live assistanceeq*
consona:consona_subscriber_assistanceconsona consona subscriber assistanceeq*

CPE	Name	Operator	Version
consona:consona_dynamic_agent	consona consona dynamic agent	eq	-
consona:consona_live_assistance	consona consona live assistance	eq	*
consona:consona_subscriber_assistance	consona consona subscriber assistance	eq	*